Compare and Analysis of Different Access Controlling Mechanisms in OAuth 2.0

Özet

This article analyses the basic concepts associated with authorization methods and how existing solutions face the common problems in the modern world. Different possible methods are introduced to solve such kind of problems. This paper proposes a model for attribute-based access control for cross-domain sources using APIs. The model includes basic architectural decisions and principles of ABAC (attribute based access control), RBAC (role based access control) and OAuth. Within the capabilities of OAuth 2.0 and ABAC will allow you to implement an end-to-end security model that can protect the privacy of customers and employees, the most important transactions for the financial sectors, business, and in general the most sensitive data over the API gateway. It is also possible to filter the response message, which is very important for customers.