Open AccessEvaluating the Performance of Novel JWT Revocation Strategy
Author(s) -
László Viktor Jánoky,
Péter Ekler,
János Levendovszky
Publication year - 2021
Publication title -
acta cybernetica
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.143
H-Index - 18
eISSN - 2676-993X
pISSN - 0324-721X
DOI - 10.14232/actacyb.289455
Subject(s) - revocation , computer science , computer security , scalability , security token , database , operating system , overhead (engineering)
JSON Web Tokens (JWT) provide a scalable, distributed way of user access control for modern web-based systems. The main advantage of the scheme is that the tokens are valid by themselves – through the use of digital signing – also imply its greatest weakness. Once issued, there is no trivial way to revoke a JWT token. In our work, we present a novel approach for this revocation problem, overcoming some of the problems of currently used solutions. To compare our solution to the established solutions, we also introduce the mathematical framework of comparison, which we ultimately test using real-world measurements.