Presentation is loading. Please wait.

Presentation is loading. Please wait.

OpenID and the Enterprise: A Model-based Analysis of Single Sign-On Authentication Jacob Bellamy-McIntyre Christof Luterroth Gerald Weber Published.

Published byChester Perry Modified over 6 years ago

Similar presentations

Presentation on theme: "OpenID and the Enterprise: A Model-based Analysis of Single Sign-On Authentication Jacob Bellamy-McIntyre Christof Luterroth Gerald Weber Published."— Presentation transcript:

1 OpenID and the Enterprise: A Model-based Analysis of Single Sign-On Authentication Jacob Bellamy-McIntyre Christof Luterroth Gerald Weber Published in: 15th International Enterprise Distributed Object Computing Conference, Shaurya Bhattarai

2 Summary Models of OpenID using published modelling techniques
2 models presented : User Interaction Model & System Level Model

3 Appreciation The System-Level model. Established all parts of the protocol and identified all potential threats. More useful than a textual specification. Field Study to examine a number of RP sites, establishes the variability of current OpenID implementations.

4 Criticism Some deductions of the authors seems not well founded.
“Similar statistics can be generated about the security practices of OpenID providers and given these potential problems...” “Authorisation protocols like Oath also lend themselves to our modelling approach...”

5 Question In the paper, the authors use a model to analyse security of an authentication protocol. Is use of a system model always a good way of analysing security of a system? Are there any disadvantages in doing so?

Download ppt "OpenID and the Enterprise: A Model-based Analysis of Single Sign-On Authentication Jacob Bellamy-McIntyre Christof Luterroth Gerald Weber Published."

Similar presentations

Supply Models What are publishers offering and how can libraries access electronic journals and scholarly databases?

Supply Models What are publishers offering and how can libraries access electronic journals and scholarly databases?
DDBMS Security - Bakul Gada.

DDBMS Security - Bakul Gada.
IdM & OpenID Present by Fangli cai Prantap Bedi. The need for IdM &OpenID As the world of e-business gains global acceptance, the traditional processes.

IdM & OpenID Present by Fangli cai Prantap Bedi. The need for IdM &OpenID As the world of e-business gains global acceptance, the traditional processes.
Troy Hutchison Service Oriented Architecture (SOA) Security.

Troy Hutchison Service Oriented Architecture (SOA) Security.
1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.

1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.
Are Public Use (Micro) Data a Thing of the Past? John M. Abowd Cornell University US Census Bureau Prepared for IASSIST 2002.

Are Public Use (Micro) Data a Thing of the Past? John M. Abowd Cornell University US Census Bureau Prepared for IASSIST 2002.
Internet Protocol Security (IPSec)

Internet Protocol Security (IPSec)
COMP8130 and 4130Adrian Marshall 8130 and 4130 Test Management Adrian Marshall.

COMP8130 and 4130Adrian Marshall 8130 and 4130 Test Management Adrian Marshall.
Review security basic concepts IT 352 : Lecture 2- part1 Najwa AlGhamdi, MSc – 2012 /1433.

Review security basic concepts IT 352 : Lecture 2- part1 Najwa AlGhamdi, MSc – 2012 /1433.
Enterprise 2.0 Portals Using portals as web browsers Ensuring continued interest by internal users Creative design techniques and navigating content Consistent.

Enterprise 2.0 Portals Using portals as web browsers Ensuring continued interest by internal users Creative design techniques and navigating content Consistent.
LEVERAGING UICC WITH OPEN MOBILE API FOR SECURE APPLICATIONS AND SERVICES Ran Zhou 1 9/3/2015.

LEVERAGING UICC WITH OPEN MOBILE API FOR SECURE APPLICATIONS AND SERVICES Ran Zhou 1 9/3/2015.
Contd. Assign responsibilities Structure team Clarify roles & authority Collect internal, information Select processes.

Contd. Assign responsibilities Structure team Clarify roles & authority Collect internal, information Select processes.
Scientific Paper. Elements Title, Abstract, Introduction, Methods and Materials, Results, Discussion, Literature Cited Title, Abstract, Introduction,

Scientific Paper. Elements Title, Abstract, Introduction, Methods and Materials, Results, Discussion, Literature Cited Title, Abstract, Introduction,
A CRAWLER BASED STUDY OF SPYWARE ON THE WEB Vijay Savanth The University of Auckland Computer Science Department A. Moshchuk, T.

A CRAWLER BASED STUDY OF SPYWARE ON THE WEB Vijay Savanth The University of Auckland Computer Science Department A. Moshchuk, T.
A Data-Reachability Model for Elucidating Privacy and Security Risks Related to the Use of Online Social Networks S. Creese, M. Goldsmith, J. Nurse, E.

A Data-Reachability Model for Elucidating Privacy and Security Risks Related to the Use of Online Social Networks S. Creese, M. Goldsmith, J. Nurse, E.
Virtual Private Network Benefits Classification Tunneling technique, PPTP, L2TP, IPSec Encryption Technology Key Management Technology Authentication Settings.

Virtual Private Network Benefits Classification Tunneling technique, PPTP, L2TP, IPSec Encryption Technology Key Management Technology Authentication Settings.
1 University of Palestine Information Security Principles ITGD 2202 Ms. Eman Alajrami 2 nd Semester 2008-2009.

1 University of Palestine Information Security Principles ITGD 2202 Ms. Eman Alajrami 2 nd Semester
Providing Teleworker Services

Providing Teleworker Services

Similar presentations

Ads by Google