Authorization method of client applications in a heterogeneous distributed software system built on the basis of the HDP protocol | Vestnik Tomskogo gosudarstvennogo universiteta. Upravlenie, vychislitelnaja tehnika i informatika – Tomsk State University Journal of Control and Computer Science. 2017. № 41. DOI: 10.17223/19988605/41/7

Authorization method of client applications in a heterogeneous distributed software system built on the basis of the HDP protocol

This paper considers the authorization of client applications in a software system built on the HDP protocol. Authorization is the granting of rights to perform a certain operation and the checking of those rights when the operation is performed. In computer systems, authorization is necessary for access to protected information or to methods of obtaining and aggregating protected information. In a monolithic application, implementing authorization usually poses no difficulty, because there are many ready-made solutions to this problem: various programming languages and frameworks have accumulated many libraries that extend the language's capabilities for client authorization. To date, the most popular authentication protocol between two applications is OAuth. This protocol allows an application to obtain authorization from a service using HTTP requests. The main advantage of the approach is that the client does not hand the login and password of its account to the trusted application, but only assigns certain rights, which are reflected in the received token. To perform the full authorization process, OAuth uses both interaction through the user's browser and direct interaction between the software systems. As a result, the token necessary for authorization must be received manually: the protocol does not provide for any other way of receiving it, because, to ensure the user's security, the user must confirm the intention to transfer certain rights to a particular application. This is acceptable when a user wants to grant rights to a trusted application, but it makes OAuth impossible to use for automating the interaction of two or more applications. In addition, OAuth requires a constantly running authorization server on a certain node of the software system.
The method of authorizing client applications in a distributed system built on the HDP protocol relies on storing and checking a token in the core of the protocol itself. According to the HDP specification, all the functionality of a data provider is divided into separate functions of microservices. Each microservice may independently generate and issue tokens, each with its own lifetime. When a service function that requires authentication is requested, HDP first checks whether such a token is present among those already in use and checks its expiration date. If a valid token is found, the request is forwarded to the microservice; otherwise a response with HTTP status 401 is returned and the request is not sent to the microservice.
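
The check described above can be modelled in a few lines. This is an added sketch, not code from the paper or from an HDP implementation: the names `TokenRegistry`, `Gateway`, `issue`, `is_valid` and `handle` are hypothetical, and binding a token to the microservice that issued it is an assumption the abstract does not spell out.

```python
import secrets
import time


class TokenRegistry:
    """Tokens kept in the protocol core: token -> (issuing service, expiry)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._tokens = {}

    def issue(self, service, lifetime_s):
        # Called on behalf of a microservice, which chooses its own lifetime.
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (service, self._clock() + lifetime_s)
        return token

    def is_valid(self, service, token):
        entry = self._tokens.get(token)
        if entry is None:
            return False
        owner, expires_at = entry
        if self._clock() >= expires_at:
            del self._tokens[token]  # expired tokens are purged on sight
            return False
        # Assumption: a token is honoured only by the service that issued it.
        return owner == service


class Gateway:
    """Stand-in for the HDP core that sits in front of the microservices."""

    def __init__(self, registry):
        self.registry = registry
        self.routes = {}  # (service, function) -> (handler, requires_auth)

    def register(self, service, function, handler, requires_auth):
        self.routes[(service, function)] = (handler, requires_auth)

    def handle(self, service, function, token=None):
        route = self.routes.get((service, function))
        if route is None:
            return 404, None
        handler, requires_auth = route
        if requires_auth and not (token and self.registry.is_valid(service, token)):
            return 401, None  # rejected in the core; handler is never called
        return 200, handler()
```

Passing a fake `clock` to `TokenRegistry` lets the expiry path be exercised deterministically in tests.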


Keywords

HDP, distributed software system, authorization in a distributed software system, OAuth

Authors

Name: Pavlikov Maxim K.
Organization: Moscow Aviation Institute
E-mail: severemax@yandex.ru
Total: 1
