To apply for this internship, you must create an account with your HvA email address.


Company information

The Value Engineers
Van Burenlaan 7
3761 BZ
Soest

Secure authentication and authorization in Apache OSGI Karaf


A modern way to authenticate and authorize users is via the OAuth 2 / OpenID Connect standard. This assignment is about developing a proof of concept that demonstrates OAuth 2 / OpenID Connect in the Apache OSGI Karaf framework. OSGI is a Java-oriented specification for dynamically loadable software bundles.

We are interested in a Java-oriented backend framework that supports dynamically loadable plugins, so that a software platform can be extended easily. One such framework is the Open Service Gateway Initiative (OSGI), as implemented by Apache Karaf.

The goal of this project is to build a demonstrator that shows:

- How to integrate OAuth 2 / OpenID Connect for user authentication and authorization with OSGI / Apache Karaf and a frontend technology such as Angular.

- How to integrate OAuth 2 / OpenID Connect with a relational database management system, such as Postgres, to authenticate and authorize users accessing data. It is sufficient to show how a query by the DBMS can use an authenticated user id to check access rights.

Solution orientation

We have a basic platform available that allows the creation of dynamically loadable backend plugins. This can be used to try various solutions. To keep the front end secure, it should not store any trusted information, except as cookies. However, OAuth relies heavily on tokens, which need to be stored at the client, e.g. the browser. This is considered insecure. A possible solution is the token handler pattern (see e.g. https://curity.io/blog/token-handler-the-single-page-applications-new-bff/). There are (partial) implementations of this pattern.

Organizational context

This project is offered by The Value Engineers B.V., who will offer an internship compensation.

Required

An independent student with excellent working knowledge of Java, and a sense for secure designs.

Supervision

- Dr. J. Gordijn (VU Amsterdam, The Value Engineers)

- Emer. Prof. Dr. R.J. Wieringa (The Value Engineers)


Suitable for students of
  • Software Engineering
Also open to Associate Degree students