Jacob Bellamy-McIntyre, C. Lutteroth, Gerald Weber
{"title":"OpenID and the Enterprise: A Model-Based Analysis of Single Sign-On Authentication","authors":"Jacob Bellamy-McIntyre, C. Lutteroth, Gerald Weber","doi":"10.1109/EDOC.2011.26","DOIUrl":null,"url":null,"abstract":"Single sign-on (SSO) protocols allow one person to use the same login credentials for several organizations. Enterprises face increasing competitive pressure to position themselves with regard to SSO, yet the ramifications of a move to SSO are not fully understood. In this paper we discuss OpenID, a relatively new SSO protocol that is gaining traction on the web. We apply enterprise application modelling techniques to OpenID in order to obtain well-founded decision aids for enterprises: we show how published modelling approaches can be used to analyse risks in OpenID, and show that these can identify security problems with common OpenID practice. Finally, we propose analysis principles that condense important general insights of authentication modelling.","PeriodicalId":147466,"journal":{"name":"2011 IEEE 15th International Enterprise Distributed Object Computing Conference","volume":"117 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"19","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 IEEE 15th International Enterprise Distributed Object Computing Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/EDOC.2011.26","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 19
Abstract
Single sign-on (SSO) protocols allow one person to use the same login credentials for several organizations. Enterprises face increasing competitive pressure to position themselves with regard to SSO, yet the ramifications of a move to SSO are not fully understood. In this paper we discuss OpenID, a relatively new SSO protocol that is gaining traction on the web. We apply enterprise application modelling techniques to OpenID in order to obtain well-founded decision aids for enterprises: we show how published modelling approaches can be used to analyse risks in OpenID, and show that these can identify security problems with common OpenID practice. Finally, we propose analysis principles that condense important general insights of authentication modelling.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
