Role of Trust in OAuth 2.0 and OpenID Connect
Kavindu Dodanduwa, Ishara Kaluthanthri

TL;DR
This paper analyzes how trust is established and maintained among roles in OAuth 2.0 and OpenID Connect, which is essential for secure authorization and authentication processes.
Contribution
It provides a detailed analysis of trust establishment mechanisms between roles in OAuth 2.0 and OpenID Connect, clarifying their importance for protocol security.
Findings
Trust establishment is crucial for protocol security
Roles require pre-established or dynamically established trust
Understanding trust mechanisms aids in protocol implementation
Abstract
OAuth 2.0 is a framework for authorization. Being a framework, OAuth 2.0 allows extensions to build on top of it. OpenID Connect is one such extension, which adds an authentication layer using identity details. OAuth 2.0 defines several roles that are required to complete the protocol. Both OAuth 2.0 and OpenID Connect involve interactions between these roles. These interactions require a pre-established trust or a trust establishment while the protocol operates. This paper analyzes trust establishments between OAuth 2.0 roles and discusses important aspects of them. Such analysis is required for proper understanding of the protocols.
