Authentication and Access Control in Cloud-Based Systems.

Every organization places a high priority on maintaining the privacy and safety of sensitive data. Tokens are used to store sensitive information to prove one’s authenticity prior to accessing system resources and services. JSON Web Token (JWT) is one such token that contains user information and is generated on the server side and issued to users for authentication purposes. However, there is still a gap in the existing research, which can be addressed with the proposed token revocation scheme in this work. The token revocation scheme ensures that the tokens belonging to deactivated users in the system are invalidated to address the issue of unauthorized users reusing tokens. RBAC is employed in this paradigm to enable access control, which strengthens security by granting users different levels of permission to access system resources. With this introduced framework, users are guaranteed to not use the previous role that was assigned to them.