Title: Web OAuth-based SSO Systems Security
Authors: Yassine Sadqi, Yousra Belfaik, S. Safi
DOI: 10.1145/3386723.3387888 (https://doi.org/10.1145/3386723.3387888)
Published in: Proceedings of the 3rd International Conference on Networking, Information Systems & Security
Publication date: 2020-03-31
Citation count: 7 (Semantic Scholar)

Abstract
In the present digital world, users have to access multiple applications to carry out their day-to-day business activities. As the number of apps increases, the number of credentials (e.g. username/password) each user must manage increases, and with it the likelihood of losing or forgetting them. Single Sign-On (SSO) can be used to solve many problems related to web user authentication. OAuth-based SSO systems are widely deployed by big tech companies such as Facebook and Google. In this paper we provide an in-depth review and analysis of the security issues of OAuth-based SSO systems. Previous efforts have been aimed either at finding errors in specific implementations or at finding security problems within the specification itself. The paper's main contribution is twofold: (1) it describes in detail the OAuth 2.0 authorization flows and summarizes the differences between the flows of each scenario that affect the security of the OAuth 2.0 protocol, and (2) it examines the security problems related to the OAuth 2.0 specification and its implementation in the Web environment.