A comprehensive formal security analysis of OAuth 2.0
The OAuth 2.0 protocol is one of the most widely deployed authorization/single sign-on
(SSO) protocols and also serves as the foundation for the new SSO standard OpenID …
(SSO) protocols and also serves as the foundation for the new SSO standard OpenID …
SoK: SSO-MONITOR-The Current State and Future Research Directions in Single Sign-on Security Measurements
Single Sign-On (SSO) with OAuth 2.0 and OpenID Connect 1.0 is essential for user
authentication and autho-rization on the Internet. Billions of users rely on SSO services …
authentication and autho-rization on the Internet. Billions of users rely on SSO services …
Securing digital identities in the cloud by selecting an apposite Federated Identity Management from SAML, OAuth and OpenID Connect
Access to computer systems and the information held on them, be it commercially or
personally sensitive, is naturally, strictly controlled by both legal and technical security …
personally sensitive, is naturally, strictly controlled by both legal and technical security …
An extensive formal security analysis of the openid financial-grade api
D Fett, P Hosseyni, R Küsters - 2019 IEEE Symposium on …, 2019 - ieeexplore.ieee.org
Forced by regulations and industry demand, banks worldwide are working to open their
customers' online banking accounts to third-party services via web-based APIs. By using …
customers' online banking accounts to third-party services via web-based APIs. By using …
WEBAPIK: a body of structured knowledge on designing web APIs
With the rise in initiatives such as software ecosystems and Internet of Things (IoT),
developing robust web Application Programming Interfaces (web APIs) has become an …
developing robust web Application Programming Interfaces (web APIs) has become an …
Practical attacks on Login CSRF in OAuth
E Arshad, M Benolli, B Crispo - Computers & Security, 2022 - Elsevier
OAuth 2.0 is an important and well studied protocol. However, despite the presence of
guidelines and best practices, the current implementations are still vulnerable and error …
guidelines and best practices, the current implementations are still vulnerable and error …
Adaptive security architecture for protecting RESTful web services in enterprise computing environment
In this modern era of enterprise computing, the enterprise application integration (EAI) is a
well-known industry-recognized architectural principle that is built based on loosely coupled …
well-known industry-recognized architectural principle that is built based on loosely coupled …
Formal Security Analysis of the OpenID FAPI 2.0: Accompanying a Standardization Process
P Hosseyni, R Küsters, T Würtele - Cryptology ePrint Archive, 2024 - eprint.iacr.org
In recent years, the number of third-party services that can access highly-sensitive data has
increased steadily, eg, in the financial sector, in eGovernment applications, or in high …
increased steadily, eg, in the financial sector, in eGovernment applications, or in high …
The full gamut of an attack: An empirical analysis of OAuth CSRF in the wild
M Benolli, SA Mirheidari, E Arshad, B Crispo - Detection of Intrusions and …, 2021 - Springer
OAuth 2.0 is a popular and industry-standard protocol. To date, different attack classes and
relevant countermeasures have been proposed. However, despite the presence of …
relevant countermeasures have been proposed. However, despite the presence of …
" Only as Strong as the Weakest Link": On the Security of Brokered Single Sign-On on the Web
Abstract Single Sign-On (SSO) is an authentication process that allows users to access
multiple services with a single set of login credentials. Although SSO improves the user …
multiple services with a single set of login credentials. Although SSO improves the user …