OpenID and the Enterprise: A Model-based Analysis of Single Sign-On Authentication Jacob Bellamy-McIntyre Christof Lutteroth Gerald Weber Published.

1 OpenID and the Enterprise: A Model-based Analysis of Single Sign-On Authentication Jacob Bellamy-McIntyre Christof Lutteroth Gerald Weber Published in: 15th International Enterprise Distributed Object Computing Conference, Shaurya Bhattarai

2 Summary Models of OpenID using published modelling techniques.
2 models presented: User Interaction Model and System-Level Model.

3 Appreciation The System-Level Model established all parts of the protocol and identified all potential threats. It is more useful than a textual specification. A field study examining a number of RP sites establishes the variability of current OpenID implementations.

4 Criticism Some deductions of the authors seem not well founded.
“Similar statistics can be generated about the security practices of OpenID providers and given these potential problems...”
“Authorisation protocols like OAuth also lend themselves to our modelling approach...”

5 Question In the paper, the authors use a model to analyse the security of an authentication protocol. Is the use of a system model always a good way of analysing the security of a system? Are there any disadvantages in doing so?

