Skip to main content

LUP Student Papers

LUND UNIVERSITY LIBRARIES

OAuth versioner 1.0a och 2.0 - En säkerhetsjämförelse

Thorsberg, Johan and Lindholm, Joel (2013)
Computer Science and Engineering (BSc)
Abstract
In this work two versions of Oauth have been analyzed, the protocol OAuth 1.0a and the newer framework OAuth 2.0. A higher version number is often considered a good thing, but OAuth 2.0 has encountered much criticism. It has been criticised of not being safe enough while OAuth 1.0a was criticised of being very complicated protocol to implement, which has stopped it from growing as expected.
The following problem is solved with OAuth: a resource owner has resources on a server. A third party would like to use some of these resources in the resource owner's name. OAuth solves this by letting the resource owner authenticates at the server and agree that the third party is authorized to access the resources that the resource owner possesses.... (More)
In this work two versions of Oauth have been analyzed, the protocol OAuth 1.0a and the newer framework OAuth 2.0. A higher version number is often considered a good thing, but OAuth 2.0 has encountered much criticism. It has been criticised of not being safe enough while OAuth 1.0a was criticised of being very complicated protocol to implement, which has stopped it from growing as expected.
The following problem is solved with OAuth: a resource owner has resources on a server. A third party would like to use some of these resources in the resource owner's name. OAuth solves this by letting the resource owner authenticates at the server and agree that the third party is authorized to access the resources that the resource owner possesses.
The result of this work led to an implementation of an OAuth client to LinkedIn on PMCG Scandinavia AB's project portal. The result is an OAuth 2.0 solution that gives LinkedIn users the ability to log in to the project portal through LinkedIn. LinkedIns OAuth 2.0 solution was considered to be sufficiently safe and much easier to implement and maintain. (Less)
Please use this url to cite or link to this publication:
author
Thorsberg, Johan and Lindholm, Joel
organization
year
type
M2 - Bachelor Degree
subject
keywords
oauth, network communication, authentication, authorization, protocol, framework
language
Swedish
id
3865341
date added to LUP
2013-06-20 03:39:19
date last changed
2018-10-18 10:26:35
@misc{3865341,
  abstract     = {In this work two versions of Oauth have been analyzed, the protocol OAuth 1.0a and the newer framework OAuth 2.0. A higher version number is often considered a good thing, but OAuth 2.0 has encountered much criticism. It has been criticised of not being safe enough while OAuth 1.0a was criticised of being very complicated protocol to implement, which has stopped it from growing as expected.
The following problem is solved with OAuth: a resource owner has resources on a server. A third party would like to use some of these resources in the resource owner's name. OAuth solves this by letting the resource owner authenticates at the server and agree that the third party is authorized to access the resources that the resource owner possesses.
The result of this work led to an implementation of an OAuth client to LinkedIn on PMCG Scandinavia AB's project portal. The result is an OAuth 2.0 solution that gives LinkedIn users the ability to log in to the project portal through LinkedIn. LinkedIns OAuth 2.0 solution was considered to be sufficiently safe and much easier to implement and maintain.},
  author       = {Thorsberg, Johan and Lindholm, Joel},
  keyword      = {oauth,network communication,authentication,authorization,protocol,framework},
  language     = {swe},
  note         = {Student Paper},
  title        = {OAuth versioner 1.0a och 2.0 - En säkerhetsjämförelse},
  year         = {2013},
}