A delegated authorization solution for smart-city mobile applications
| Autor: | Giada Sciarretta, Roberto Carbone, Silvio Ranise |
|---|---|
| Rok vydání: | 2016 |
| Předmět: |
Government
Authentication Delegation Application programming interface Computer science business.industry media_common.quotation_subject Internet privacy 020206 networking & telecommunications 02 engineering and technology Computer security computer.software_genre Open data Sustainable city Smart city 0202 electrical engineering electronic engineering information engineering 020201 artificial intelligence & image processing Mobile telephony business computer media_common |
| Zdroj: | RTSI |
| Popis: | An increasingly popular scenario for Smart Cities is the one in which mobile apps attempt to access resources (e.g., open data about public transportation or e-government services) made available by city authorities through the use of Application Programming Interfaces (APIs). There is a growing awareness of the benefits of using APIs to foster civic engagement through a more efficient and personalized delivery of government services, and as an enabler of a new wave of innovation contributing to a more automated and sustainable city functioning. Despite these advantages, there are several factors hindering the exploitation of APIs. One of the most important technical barriers to the creation of mobile apps following the recurrent pattern of consuming data (e.g., selected parts of open data or user profiles) stored by other applications or services is the lack of a secure delegation mechanism. In this paper, we discuss the main security issues underlying the design of such a delegation mechanism for Smart City mobile apps and present a solution-based on OAuth 2.0-overcoming the security problems. An implementation of the solution has been integrated in the Smart Community Platform for developing open services in the Trentino region and is being used daily by up to 13,000 users. To date, no security issue has been reported. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|