Authorization and Access Control

This book focuses on various authorization and access control techniques, threats and attack modeling, including an overview of the Open Authorization 2.0 (OAuth 2.0) framework along with user-managed access (UMA) and security analysis. Important key concepts are discussed regarding login credentials with restricted access to third parties with a primary account as a resource server. A detailed protocol overview and authorization process, along with security analysis of OAuth 2.0, are also discussed in the book. Case studies of websites with vulnerability issues are included.

FEATURES

• Provides an overview of the security challenges of IoT and mitigation techniques with a focus on authorization and access control mechanisms
• Discusses a behavioral analysis of threats and attacks using UML base modeling
• Covers the use of the OAuth 2.0 Protocol and UMA for connecting web applications
• Includes role-based access control (RBAC), discretionary access control (DAC), mandatory access control (MAC) and permission-based access control (PBAC)
• Explores how to provide access to third-party web applications through a resource server by use of a secured and reliable OAuth 2.0 framework

This book is for researchers and professionals who are engaged in IT security, auditing and computer engineering.