Security Authorization Scheme for Web Applications

With the recent rapid growth of the World Wide Web, it has become common for an end user of Web services to delegate his or her authority to access protected resources to other service providers. OAuth 2.0 is being used widely as a means of accomplishing such delegation. OAuth 2.0 can securely delegate a user´s authority to Web applications without passing the end user´s ID or password. However, it has shown to involve many security concerns. In this paper, we reconsider the design of OAuth 2.0 and design a new delegation scheme using a different approach. We also show our implementation as a proof of concept.