Authorization of Web Requests Based on Merkle Trees
Name
Gregor Eesmaa
Abstract
People should not have access to unauthorized data. Web applications can employ many different authentication and authorization schemes to accomplish this. To prove user permissions, session IDs or signed sets of claims are often used. However, scalability and efficiency are increasingly important in microservice architecture. It is also beneficial to decrease privacy risks when communicating with unknown parties. Thus, we propose a way of signing and selectively transmitting a large set of claims using the Merkle tree. In addition, we implement a JavaScript library based on the concept, that is optimized for many permissions and helps enhance user privacy when using microservices.
Graduation Thesis language
English
Graduation Thesis type
Bachelor - Computer Science
Supervisor(s)
Kristjan Krips
Defence year
2020