
Access Control and Authorization Techniques w.r.t. Client Applications

Conference paper

In: Data Intelligence and Cognitive Informatics

Part of the book series: Algorithms for Intelligent Systems (AIS)

Abstract

This paper discusses the security requirements for provisioning, authenticating and authorizing client applications before external client applications are allowed to access business-critical applications. It describes how an access request should be authenticated, authorized and honored: once a business application receives a request from an external client application, how it should securely process that request before returning an access response to the client. The paper presents numerous security best practices for provisioning, authenticating and authorizing client applications. It places particular emphasis on mobile native applications, which are stateless in nature, and covers various implementation techniques of the OAuth 2.0 specification workflow.




© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.


Cite this paper

Goel, A. (2022). Access Control and Authorization Techniques w.r.t. Client Applications. In: Jacob, I.J., Kolandapalayam Shanmugam, S., Bestak, R. (eds) Data Intelligence and Cognitive Informatics. Algorithms for Intelligent Systems. Springer, Singapore. https://doi.org/10.1007/978-981-16-6460-1_2
