摘要
为了提高OAuth2.0协议的安全性,文章在深入分析OAuth2.0协议的基础上提出了基于OAuth2.0协议的引入安全节点和同步机制的改进方法,改进了协议的授权流程。OAuth协议为目前较流行的身份认证授权协议,经历了OAuth1.0和OAuth2.0两个版本目前仍在不断的优化中。文章首先研究了OAuth2.0协议的基本原理,针对OAuth2.0协议在实施过程中可能存在的信息泄露方面的安全威胁,提出了基于OAuth2.0的在授权服务器中引入安全节点,同时在授权服务器和资源服务器之间引入同步机制的方法,从而在授权过程前期对授权申请的安全性进行检查并在授权过程中实现授权服务器和资源服务器信息的共享,对OAuth2.0协议进行优化。然后,文章对协议改进的思想和协议的抽象授权流程进行详细描述,对协议的实现架构、具体授权流程进行了详细的介绍。最后,结合工程应用实例给出系统设计方案,对改进的协议进行系统实现,通过协议改进前后的实验效果的对比,验证了改进协议的可行性和有效性。
To improve the security of protocol OAuth2.0, we optimize the protocol by introducing a security point and an synchronization mechanism based on the basic OAuth2.0 protocol. OAuth protocol for the current more popular authorization protocol, has experienced two versions of OAuth2.0 and OAuth1.0 is still in constant optimization. We proposed a new authorization process based on authorization code. Firstly, we studied the basic OAuth2.0 protocol. To prevent the security threats in information disclosure, we present a detailed model, in which a security node is introduced in the authorization server to check the security of authorization request, and a synchronization mechanism is introduced between the authorization server and the resource server to synchronize the information between the servers, then, we describes the new authorization model and the framework for realization of this protocol. Finally, we gave an example of system design to fulfill the new protocol model.
出处
《信息网络安全》
2016年第9期6-11,共6页
Netinfo Security
