Authorization of Web Requests Based on Merkle Trees

Date

2020

Journal Title

Journal ISSN

Volume Title

Publisher

Tartu Ülikool

Abstract

People should not have access to unauthorized data. Web applications can employ many different authentication and authorization schemes to accomplish this. To prove user permissions, session IDs or signed sets of claims are often used. However, scalability and efficiency are increasingly important in microservice architecture. It is also beneficial to decrease privacy risks when communicating with unknown parties. Thus, we propose a way of signing and selectively transmitting a large set of claims using the Merkle tree. In addition, we implement a JavaScript library based on the concept, that is optimized

Description

Keywords

authorization, claims, efficiency, privacy, Merkle tree, cryptographic hash tree

Citation