Commit 78a74e3b authored by Nikos Fotiou's avatar Nikos Fotiou
Browse files

more information about the project's modules

parent 7939d2ae
......@@ -2,7 +2,7 @@
## Introduction
Enabling Zero Trust Architectures using OAuth2.0 and Verifiable Credentials
(**ZeroTrustVC**) implements Authentication and Authorization for HTTP services
(**ZeroTrustVC**) implements Authentication and Authorization for HTTP-based resources
using [JWT-encoded Verifiable Credentials](https://www.w3.org/TR/vc-data-model/#json-web-token).
The project is undertaken by the [Mobile Multimedia Laboratory](https://mm.aueb.gr/)
of the [Athens University of Economics and Business](https://www.aueb.gr).
......@@ -15,12 +15,21 @@ of this paper [here](https://www.youtube.com/watch?v=B6biTo8w5zw)
## Description
ZeroTrustVC is an access control solution that relies on widely used standards,
composed of a VC issuer and a VC verifier. The VC issuer is an OAuth 2.0 authorization
composed of a VC issuer and a VC verifier.
The VC issuer is an OAuth 2.0 authorization
server extended with VC issuing capabilities. Issued VCs are encoded as JWT and signed
using JWS, improving compatibility and integration with existing tools. ZeroTrustVC
provides VC verifiers: a generic Python3-based, acting as transparent proxy, and a .NET
core framework authorization middleware for securing .NET web apps. Users
interact with ZeroTrustVC using standard OAuth 2.0 flows. ZeroTrustVC facilitates
consider VCs that describe the *capabilities* of a client over a protected resource.
Additionally, ZeroTrustVC VC issuer can perform VC revocations.
The VC verifier is an HTTP proxy, which is able to verify the validity and the
ownership of a VC. Additionally, the VC verifier validates whether or not
a VC can be used for executing a particular request.
ZeroTrustVC provides two VC verifiers: a generic Python3-based, acting as transparent proxy, and a .NET
core framework authorization middleware for securing .NET web apps.
Users interact with ZeroTrustVC using standard OAuth 2.0 flows. ZeroTrustVC facilitates
capabilities-based access control, supports efficient VC revocation, and enables
"strong authentication and authorization of every access request" enabling resource
access over public, untrusted networks, aka Zero -Trust Architectures (ZTAs).
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment