Loading [a11y]/accessibility-menu.js
Enhancing OAuth With Blockchain Technologies for Data Portability | IEEE Journals & Magazine | IEEE Xplore

Enhancing OAuth With Blockchain Technologies for Data Portability


Abstract:

To satisfy the requirement of data portability, current service providers (or resource servers) usually provide OAuth-based schemes for third party applications (or clien...Show More

Abstract:

To satisfy the requirement of data portability, current service providers (or resource servers) usually provide OAuth-based schemes for third party applications (or clients) to access user data with the user's consent. To shoulder the costs of maintaining relationships with potential third party applications, a service provider may adopt delegate the task of authentication and authorization to an authorization server. However, current OAuth specification does not specify the interactions between an authorization server and a resource server. To address this limitation, this study proposes the MyDataChain framework to enhance the existing OAuth specification with blockchain technology. The proposed framework utilizes smart contracts to establish the standard interface to support the processes of authorization requesting, granting, and revocation. As blockchain technologies can ensure data integrity, the framework can use the data stored in the blockchain to resolve disputes among different parities. Moreover, as the proposed framework uses the Non-Interactive Zero-Knowledge (NIZK) scheme, the proposed framework can achieve its purpose without storing any personal identifiable or traceable data in the blockchain. Therefore, people cannot utilize information stored in the blockchain to compromise user privacy. Furthermore, this study implements a prototype system using Quorum blockchain technology. The experimental results show that the framework can be realized with existing blockchain technologies. Therefore, this study can provide a feasible privacy preserving means of achieving data portability and providing individuals the rights to be forgotten considering dispute resolution.
Published in: IEEE Transactions on Cloud Computing ( Volume: 11, Issue: 1, 01 Jan.-March 2023)
Page(s): 349 - 366
Date of Publication: 07 July 2021

ISSN Information:

Funding Agency:


Contact IEEE to Subscribe

References

References is not available for this document.