An analysis on the revoking mechanisms for JSON Web Tokens

Jánoky, László Viktor; Levendovszky, János; Ekler, Péter

doi:10.1177/1550147718801535

Cited by 12 publications

(5 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…If a token is revoked in a group, only tokens signed with the group secret will be revoked, instead of all the tokens. As logouts are typically infrequent events, one can use statistical methods as described in [7] to calculate an optimal group size, which minimizes the number of unnecessary revocations while maintaining a manageable number of secrets.…”

Section: Basic Principlementioning

confidence: 99%

See 1 more Smart Citation

Evaluating the Performance of Novel JWT Revocation Strategy

2021

Self Cite

View full text Add to dashboard Cite

JSON Web Tokens (JWT) provide a scalable, distributed way of user access control for modern web-based systems. The main advantage of the scheme is that the tokens are valid by themselves – through the use of digital signing – also imply its greatest weakness. Once issued, there is no trivial way to revoke a JWT token. In our work, we present a novel approach for this revocation problem, overcoming some of the problems of currently used solutions. To compare our solution to the established solutions, we also introduce the mathematical framework of comparison, which we ultimately test using real-world measurements.

show abstract

Section: Basic Principlementioning

confidence: 99%

“…The mathematical framework is then validated with measurements on a real application. We also further elaborate on our novel solution, first introduced in [7]. After its brief introduction, our method is compared with the other strategies using the common mathematical framework.…”

Section: Introductionmentioning

confidence: 99%

Evaluating the Performance of Novel JWT Revocation Strategy

2021

Self Cite

View full text Add to dashboard Cite

show abstract

“…After login, the Back-End issues a JSON web token (Jánoky et al, 2018) for the Front-End. All sensitive API endpoints of the Back-End are protected and require a valid JSON web token in the request's body.…”

Section: Container-based Architecturementioning

confidence: 99%

Forum 4.0: An Open-Source User Comment Analysis Framework

Haering

Andersen

Biemann

et al. 2021

Proceedings of the 16th Conference of the European Chapter of the Association for Computational Linguistics: System Demonstrati

View full text Add to dashboard Cite

With the increasing number of user comments in diverse domains, including comments on online journalism and e-commerce websites, the manual content analysis of these comments becomes time-consuming and challenging. However, research showed that user comments contain useful information for different domain experts, which is thus worth finding and utilizing. This paper introduces Forum 4.0, an opensource framework to semi-automatically analyze, aggregate, and visualize user comments based on labels defined by domain experts. We demonstrate the applicability of Forum 4.0 with comments analytics scenarios within the domains of online journalism and app stores. We outline the underlying container architecture, including the web-based user interface, the machine learning component, and the task manager for time-consuming tasks. We finally conduct machine learning experiments with simulated annotations and different sampling strategies on existing datasets from both domains to evaluate Forum 4.0's performance. Forum 4.0 achieves promising classification results (ROC-AUC ≥ 0.9 with 100 annotated samples), utilizing transformer-based embeddings with a lightweight logistic regression model. We explain how Forum 4.0's architecture is applicable for millions of user comments in real-time, yet at feasible training and classification costs.

show abstract

“…After successful authentication, user access details are packaged in JWT token encrypted by a common encryption key called the bearer token. 27 This key is sent each time the user requests the data and is retrieved by the decryption service.…”

Section: Providing the Structure Of The Security Servicesmentioning

confidence: 99%

Investigating the role of usable security in developers' intention toward security enhancement in service‐oriented applications

Jalali

Nia

Ermakova

et al. 2021

Security and Privacy

View full text Add to dashboard Cite

Security threats have increased in recent years. To motivate the developers to stick to the security policies, the notion of usable security is investigated. Enhancing the usability of security services leads to developing software products that are resilient against security threats. In this paper, we investigate the role of usable security in developers' intention toward fulfilling the security considerations through the development process. To study this, we conducted empirical research on 25 experts in the field of software development. We proposed a model for analyzing the research outcome using statistical inference based on an extension of the theory of planned behavior. In particular, we posit that attitude toward the development of usable services, subjective norms, and moral obligation are determinants of intention to develop usable security services. We developed 11 security services that are used in the development of service-oriented software. We asked the experts to integrate the security services in the software and studied the integration process using a detailed questionnaire. The findings indicate a strong positive influence of all correlations, which describe developers' intentions to develop usable secure services to 52%. Our insights enhance the understanding of developers' intentions toward developing usable secure services and their fulfillment.

show abstract

An analysis on the revoking mechanisms for JSON Web Tokens

Cited by 12 publications

References 5 publications

Evaluating the Performance of Novel JWT Revocation Strategy

Evaluating the Performance of Novel JWT Revocation Strategy

Forum 4.0: An Open-Source User Comment Analysis Framework

Investigating the role of usable security in developers' intention toward security enhancement in service‐oriented applications

Contact Info

Product

Resources

About