The security limitations of SSO in OpenID

International Conference on Advanced Communication Technology, ICACT

Volumn 3, Issue , 2008, Pages 1608-1611

  Oh, Hyun Kyung ^a,b   Jin, Seung Hun ^b  

^a University of Science and Technology (UST)   (South Korea)

^b Electronics and Telecommunications Research Institute (ETRI)   (South Korea)

Author keywords

Cookie based authentication system; ID management system; OpenID; Single Slgn On(SSO)

Indexed keywords

COOKIE-BASED AUTHENTICATION SYSTEM; ID MANAGEMENT SYSTEM; OPENID; SINGLE SLGN-ON (SSO);

DATA PRIVACY; INFORMATION THEORY; PROBLEM SOLVING; USER INTERFACES; WEB SERVICES;

NETWORK SECURITY;

EID: 44149084292     PISSN: 17389445     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ICACT.2008.4494089     Document Type: Conference Paper

References (11)

1. www.openid.net
2. Eugene Tsyrklevich, Vlad Tsyrklevich, "OPENID Single Sign-On: Security story", BlackHat 2007.
3. http://openidenabled.com/
4. J.H. Yoo, "Recent Developments of Integrated Identity Management Technologies to realize Multi-Domain Single Sign On)", KNOM Reiview, Vol. 10, No. 1, August 2007
5. http://www.opengroup.org/security/sso/
6. Jan De Clercq, "Single Sign-On Architectures", Infrastructure Security: International Conference, InfraSec 2002 Bristol, UK, October 1-3, 2002. Proceedings
7. Burr, W., Dodson, D., and W. Polk, Ed., "Electronic Authentication Guideline," NIST, April 2006.
8. H.J.Koo, C.H.Hong, M.S.Kang, G.H.Lee, "An SAML based Management System for Secure Data Exchange between User and OSS", KNOM Review, Vol.7, No.2, December 2004.
9. www.myid.net
10. OpenID Provider Authentication Policy Extension 1.0 - Draft 2
11. Thawatchai Chomsiri, Faculty ofInformatics, Mahasarakham University, "HTTPS Hacking protection", AINAW'07