OpenID and the Enterprise: A Model-based Analysis of Single Sign-On Authentication Jacob Bellamy-McIntyre Christof Luterroth Gerald Weber Published.

Presentation transcript:

OpenID and the Enterprise: A Model-based Analysis of Single Sign-On Authentication. Jacob Bellamy-McIntyre, Christof Luterroth, Gerald Weber. Published in: 15th International Enterprise Distributed Object Computing Conference, 2011. Shaurya Bhattarai

Summary: Models of OpenID built using published modelling techniques. Two models are presented: a User Interaction Model and a System Level Model.

Appreciation: The System-Level model captures all parts of the protocol and identifies all potential threats, which makes it more useful than a textual specification. The field study, which examines a number of RP (relying party) sites, establishes the variability of current OpenID implementations.

Criticism: Some of the authors' deductions seem not well founded, for example: "Similar statistics can be generated about the security practices of OpenID providers and given these potential problems..." and "Authorisation protocols like OAuth also lend themselves to our modelling approach..."

Question: In the paper, the authors use a model to analyse the security of an authentication protocol. Is the use of a system model always a good way of analysing the security of a system? Are there any disadvantages in doing so?