TY - GEN
T1 - Security flows in OAuth 2.0 framework: A case study
AU - Argyriou, Marios
AU - Dragoni, Nicola
AU - Spognardi, Angelo
PY - 2017
Y1 - 2017
N2 - The burst in smartphone use, handy design in laptops and tablets as well as other smart products, like cars with the ability to drive you around, manifests the exponential growth of network usage and the demand for accessing remote data on a large variety of services. However, users notoriously struggle to maintain distinct accounts for every single service that they use. The solution to this problem is the use of a Single Sign On (SSO) framework, with a unified single account to authenticate the user’s identity throughout the different services. In April 2007, AOL introduced the OpenAuth framework. After several revisions and despite its wide adoption, OpenAuth 2.0 still has several flaws that need to be fixed in several implementations. In this paper, we present a thorough review of both the benefits of this single token authentication mechanism and its open flaws.
KW - Theoretical Computer Science
KW - Computer Science (all)
KW - Computer Science
KW - Logics and Meanings of Programs
KW - Programming Languages, Compilers, Interpreters
KW - Software Engineering
KW - Systems and Data Security
KW - Computer Applications
KW - Computer Systems Organization and Communication Networks
U2 - 10.1007/978-3-319-66284-8_33
DO - 10.1007/978-3-319-66284-8_33
M3 - Article in proceedings
SN - 9783319662831
T3 - Lecture Notes in Computer Science
SP - 396
EP - 406
BT - Proceedings of International Conference on Computer Safety, Reliability, and Security.
PB - Springer
T2 - International Conference on Computer Safety, Reliability, and Security
Y2 - 12 September 2017 through 15 September 2017
ER -