Authorization of Web Requests Based on Merkle Trees
Date
2020
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Tartu Ülikool
Abstract
People should not have access to unauthorized data. Web applications can employ many
different authentication and authorization schemes to accomplish this. To prove user
permissions, session IDs or signed sets of claims are often used. However, scalability and
efficiency are increasingly important in microservice architecture. It is also beneficial to
decrease privacy risks when communicating with unknown parties. Thus, we propose a
way of signing and selectively transmitting a large set of claims using the Merkle tree. In
addition, we implement a JavaScript library based on the concept, that is optimized
Description
Keywords
authorization, claims, efficiency, privacy, Merkle tree, cryptographic hash tree