Enhancing Security and Transparency of OAuth 2.0-enabled Resource Sharing Systems by Applying User-centric Authorization
In recent years, with the rise of social networks and social media, storing and sharing personal data on the Web has become increasingly popular. This data is shared not only with other users but also with other Web applications, enabling them to integrate with each other.
The OAuth 2.0 framework has become a widely used open standard that enables sharing of resources with third-party applications by delegating certain rights of a user to another Web application in order to authorize it to access those resources. However, there have been several security flaws regarding OAuth 2.0, which mostly occurred due to the complexity and vagueness of its protocol flow, that led to leaks of sensitive user data. What is more, because authorization information is distributed across many providers and clients, it is difficult for users to keep track of their shared data.
This thesis therefore deals with the question of how to make resource sharing using the OAuth 2.0 protocol more secure and more transparent for its users. For this purpose, the issues of the protocol will be examined more closely in order to draw conclusions for improvement. Based on this analysis and an evaluation of existing authorization approaches, a concept for enhancing security and transparency will be developed, placing emphasis on compatibility with existing OAuth 2.0 systems. Finally, a prototype implementation of this concept shall demonstrate its feasibility.