Abstract
JSON Web Tokens (JWT) provide a scalable, distributed way of implementing user access control for modern web-based systems. The main advantage of the scheme, that the tokens are valid by themselves through the use of digital signing, also implies its greatest weakness: once issued, there is no trivial way to revoke a JWT. In our work, we present a novel approach to this revocation problem that overcomes some of the problems of currently used solutions. To compare our solution with the established solutions, we also introduce a mathematical framework for comparison, which we ultimately test using real-world measurements.
Subject
Computer Vision and Pattern Recognition, Software, Computer Science (miscellaneous), Electrical and Electronic Engineering, Information Systems and Management, Management Science and Operations Research, Theoretical Computer Science
Cited by 2 articles.
1. Authentication and Access Control in Cloud-Based Systems; 2023 Fourteenth International Conference on Ubiquitous and Future Networks (ICUFN); 2023-07-04
2. OIDC-TCI: OIDC with Trust Context Information; 2022 14th IFIP Wireless and Mobile Networking Conference (WMNC); 2022-10-17