Security requirements, particularly those on confidentiality, require IT processes to be compliant to the least privilege principle. OAuth 2.0, a currently broadly adopted authorization protocol, meets these requirements only partially. For example, due to unilateraly defined and service provider specific representation of access scopes, the possibility to granulary and interoperably structure access restrictions and authorizations is virtually eliminated. This problem concerns in particular cross-domain data exchanges, as the security measures in different organizations can be applied only in limited extent.
The architecture and relevant first results of ongoing work were presented in the scope of DISSECT Workshop at IEEE/IFIP NOMS Conference. The proposed approach addresses the security management of API-based interactions. The prospects of service providers, clients and data owners are taken into consideration to enable the contextual dependence in API-based data exchanges, as well as to support the granularity and interoperability in security management.