Logo des Repositoriums
 

Security analysis of OpenID

dc.contributor.authorSovis, Pavol
dc.contributor.authorKohlar, Florian
dc.contributor.authorSchwenk, Jörg
dc.contributor.editorFreiling, Felix C.
dc.date.accessioned2019-01-17T13:26:54Z
dc.date.available2019-01-17T13:26:54Z
dc.date.issued2010
dc.description.abstractOpenID is a user-centric and decentralized Single Sign-On system. It enables users to sign into Relying Partiesby providing an authentication assertion from an OpenID Provider. It is supported by many leading internet companies and there are over a billion accounts capable of using OpenID. We present a security analysis of OpenID and the corresponding extensions and reveal several vulnerabilities. This paper demonstrates how identity information sent within the OpenID protocol can be manipulated, due to an improper verification of OpenID assertions and no integrity protection of the authentication request.en
dc.identifier.isbn978-3-88579-264-2
dc.identifier.pissn1617-5468
dc.identifier.urihttps://dl.gi.de/handle/20.500.12116/19793
dc.language.isoen
dc.publisherGesellschaft für Informatik e.V.
dc.relation.ispartofSicherheit 2010. Sicherheit, Schutz und Zuverlässigkeit
dc.relation.ispartofseriesLecture Notes in Informatics (LNI) - Proceedings, Volume P-170
dc.titleSecurity analysis of OpenIDen
dc.typeText/Conference Paper
gi.citation.endPage340
gi.citation.publisherPlaceBonn
gi.citation.startPage329
gi.conference.date5.-7. Oktober 2010
gi.conference.locationBerlin
gi.conference.sessiontitleRegular Research Papers

Dateien

Originalbündel
1 - 1 von 1
Lade...
Vorschaubild
Name:
329.pdf
Größe:
193.09 KB
Format:
Adobe Portable Document Format