The Future of Authorization - OAuth2.1, GNAP, etc.
| Field | Value |
|---|---|
| Thesis type | Bachelor Thesis |
| Supervisor | Erwin Kupris |
| Starting date | As soon as possible |
| Skills | LaTeX, Git, Any programming language |
| Language | English (preferred), German |
| Industry cooperation | not possible |
| Publish date | 2023-03-13 |
Problem and context
Identity and Access Management (IAM) aims to allow only the right entities to access the right resources, at the right time and for the right reasons. To that end, IAM covers everything surrounding digital identities and their use. This includes, but is not limited to, concepts such as Identification, Authentication, Authorization, Federation, and Provisioning.
The de-facto standard protocol for authorization is OAuth 2.0. Over the years, many extensions, additional features, and security enhancements to OAuth have been standardized. The result is a rather large and opaque set of standards. This is why OAuth 2.1 aims to consolidate the best practices and the relevant standards into a single specification for future implementations.
The Grant Negotiation and Authorization Protocol (GNAP) takes a different approach by building a completely new standard. The goal of the GNAP working group is to overcome the limitations of OAuth while building on its best practices.
Both of these approaches are still under development and not yet well researched.
Goals
The thesis can focus on a number of sub-topics, including, but not limited to:
- Evaluating common requirements of authorization protocols
- Implementing a PoC
- Finding additional use cases
- Possibility to publish a resulting research paper
Thesis proposals for adjacent topics are welcome. Get in touch if you have further questions.
Literature
- https://justinsecurity.medium.com/moving-on-from-oauth-2-629a00133ade
- https://oauth.xyz/
- https://oauth.net/2.1/
- https://fusionauth.io/blog/2021/01/07/gnap-next-gen-oauth