Security Issues in OAuth 2.0 SSO Implementations

@inproceedings{Li2014SecurityII,
  title={Security Issues in OAuth 2.0 SSO Implementations},
  author={Wanpeng Li and Chris J. Mitchell},
  booktitle={ISC},
  year={2014}
}
Many Chinese websites (relying parties) use OAuth 2.0 as the basis of a single sign-on service to ease password management for users. Many sites support five or more different OAuth 2.0 identity providers, giving users choice in their trust point. However, although OAuth 2.0 has been widely implemented (particularly in China), little attention has been paid to security in practice. In this paper we report on a detailed study of OAuth 2.0 implementation security for ten major identity providers… CONTINUE READING
Highly Cited
This paper has 24 citations. REVIEW CITATIONS

From This Paper

Topics from this paper.
13 Citations
21 References
Similar Papers

Citations

Publications citing this paper.
Showing 1-10 of 13 extracted citations

References

Publications referenced by this paper.
Showing 1-10 of 21 references

Murphi Analysis of OAuth 2.0

  • Q. Slack, R. Frostig
  • Implicit Grant Flow
  • 2011
Highly Influential
2 Excerpts

Open ID Authentication 2.0 — Final

  • D. Recordon, B. Fitzpatrick
  • 2007
Highly Influential
2 Excerpts

Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0

  • C. Scott, J. Kemp, R. Philpott, E. Maler
  • http://docs. oasis-open.org/security/saml/v2.0…
  • 2005
Highly Influential
3 Excerpts

Federated security: The Shibboleth approach

  • R. Morgan, S. Cantor, S. Carmody, W. Hoehn, K. Klingenstein
  • Educause Quarterly 27
  • 2004
Highly Influential
3 Excerpts

Similar Papers

Loading similar papers…