Commit 08c6e44e authored by Nikos Fotiou's avatar Nikos Fotiou
Browse files

More information about the project

parent f5ef8217
# Enabling Zero Trust Architectures using OAuth2.0 and Verifiable Credentials
# ZeroTrustVC Project Summary
## About
## Introduction
Enabling Zero Trust Architectures using OAuth2.0 and Verifiable Credentials
(**ZeroTrustVC**) implements Authentication and Authorization for HTTP services
using [JWT-encoded Verifiable Credentials](https://www.w3.org/TR/vc-data-model/#json-web-token).
......@@ -12,3 +12,19 @@ for multi-tenant systems using OAuth 2.0 and Verifiable Credentials](https://mm.
by N. Fotiou, V.A. Siris, G.C. Polyzos, appeared in 30th International Conference
on Computer Communications and Networks (ICCCN). You can view a video presentation
of this paper [here](https://www.youtube.com/watch?v=B6biTo8w5zw)
## Description
ZeroTrustVC is an access control solution that relies on widely used standards,
composed of a VC issuer and a VC verifier. The VC issuer is an OAuth 2.0 authorization
server extended with VC issuing capabilities. Issued VCs are encoded as JWT and signed
using JWS, improving compatibility and integration with existing tools. ZeroTrustVC
provides VC verifiers: a generic Python3-based, acting as transparent proxy, and a .NET
core framework authorization middleware for securing .NET web apps. Users
interact with ZeroTrustVC using standard OAuth 2.0 flows. ZeroTrustVC facilitates
capabilities-based access control, supports efficient VC revocation, and enables
"strong authentication and authorization of every access request" enabling resource
access over public, untrusted networks, aka Zero -Trust Architectures (ZTAs).
## Solution overview
The following figure illustrates the modules of our solution
![ZeroTurstVC architecture](architecture.png "ZeroTurstVC architecture")
\ No newline at end of file
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment