Open Access

Extending OpenID Connect Towards Mission Critical Applications



1. Pashalidis, A., C. J. Mitchell. A Taxonomy of Single Sign-on Systems. – In: Proc. of 8th Australasian Conference on Information Security and Privacy, Vol. 27, 2003, No 27, Springer, pp. 249-264. DOI: 10.1007/3-540-45067-X_22

2. Lewis, K. D., J. E. Lewis. Web Single Sign-on Authentication Using SAML. – International Journal of Computer Science Issues, Vol. 2, 2009, pp. 41-48.

3. Li, W., C. J. Mitchell. Security Issues in OAuth 2.0 SSO Implementations. – In: Proc. of 17th International Conference on Information Security, Vol. 87, 2014, No 83, Springer, pp. 529-541. DOI: 10.1007/978-3-319-13257-0_34

4. Bai, G., J. Lei, G. Meng, S. S. Venkatraman et al. AUTHSCAN: Automatic Extraction of Web Authentication Protocols from Implementations. – In: Proc. of Network and Distributed System Security Symposium, 2013.

5. Zhang, L., H.-y. Ning, Y.-y. Du, Y.-x. Cui, Y. Yang. A New Identity Authentication Scheme of Single Sign on for Multi-Database. – In: Proc. of 7th IEEE International Conference on Software Engineering and Service Science, 2016.

6. Fett, D., R. Küsters, G. Schmitz. The Web SSO Standard OpenID Connect: In-Depth Formal Security Analysis and Security Guidelines. – In: Proc. of 30th IEEE Computer Security Foundations Symposium, 2017.

7. Mukhamedov, Aybek. Full Agreement in BAN Kerberos. – In: Proc. of IEEE Workshop of the 1st International Conference on Security and Privacy for Emerging Areas in Communication Networks, 2005, pp. 218-223.

8. Abdelmajid, N. T., et al. Location-Based Kerberos Authentication Protocol. – In: Proc. of 2nd IEEE International Conference on Social Computing, 2010, pp. 1099-1104. DOI: 10.1109/SocialCom.2010.163

9. Shaw, J. Enterprise Single Sign-on: The Holy Grail of Computing. 2009.

10. McIntosh, M., P. Austel. XML Signature Element Wrapping Attacks and Countermeasures. – In: Proc. of ACM Workshop on Secure Web Services, 2005, pp. 20-27. DOI: 10.1145/1103022.1103026

11. Bhargavan, K., C. Fournet, A. D. Gordon. An Advisor for Web Services Security Policies. – In: Proc. of ACM Workshop on Secure Web Services, 2005, pp. 1-9. DOI: 10.1145/1103022.1103024

12. Gruschka, N., N. Luttenberger, R. Herkenhöner. Event-Based SOAP Message Validation for WS-Security Policy-Enriched Web Services. – In: Proc. of International Conference on Semantic Web and Web Services, 2006, pp. 80-86.

13. Rahaman, M. A., A. Schaad, M. Rits. Towards Secure SOAP Message Exchange in a SOA. – In: Proc. of 3rd ACM Workshop on Secure Web Services, 2006, pp. 77-84. DOI: 10.1145/1180367.1180382

14. Gajek, S., L. Liao, J. Schwenk. Breaking and Fixing the Inline Approach. – In: Proc. of ACM Workshop on Secure Web Services, 2007, pp. 37-43. DOI: 10.1145/1314418.1314425

15. Benameur, A., F. A. Kadir, S. Fenet. XML Rewriting Attacks: Existing Solutions and Their Limitations. – In: Proc. of International Conference on Applied Computing, 2008.

16. Gajek, S., M. Jensen, L. Liao, J. Schwenk. Analysis of Signature Wrapping Attacks and Countermeasures. – In: Proc. of IEEE International Conference on Web Services, 2009, pp. 575-582. DOI: 10.1109/ICWS.2009.12

17. Jensen, M., L. Liao, J. Schwenk. The Curse of Namespaces in the Domain of XML Signature. – In: Proc. of ACM Workshop on Secure Web Services, 2009, pp. 29-36. DOI: 10.1145/1655121.1655129

18. Sakimura, N., J. Bradley et al. OpenID Connect Core 1.0. The OpenID Foundation, S3, 2014.

19. Bellamy-McIntyre, J., C. Luterroth, G. Weber. OpenID and the Enterprise: A Model-Based Analysis of Single Sign-on Authentication. – In: Proc. of IEEE Conference on Enterprise Distributed Object Computing, 2011, pp. 129-138.

20. Hardt, Dick. The OAuth 2.0 Authorization Framework. 2012. DOI: 10.17487/rfc6749

21. Alecu, F., P. Pocatilu, G. Stoica et al. OpenID, a Single Sign-on Solution for e-Learning Applications. – Journal of Mobile, Embedded and Distributed Systems, Vol. 3, 2011, No 3, pp. 136-141.

22. Sun, S.-T., K. Hawkey, K. Beznosov. Systematically Breaking and Fixing OpenID Security: Formal Analysis, Semi-Automated Empirical Evaluation, and Practical Countermeasures. – Journal Computers and Security, Vol. 31, 2012, No 4, pp. 465-483. DOI: 10.1016/j.cose.2012.02.005

23. Wang, H., C. Fan et al. A New Secure OpenID Authentication Mechanism Using One-Time Password (OTP). – In: Proc. of 7th International IEEE Conference on Wireless Communications, Networking and Mobile Computing, 2011, pp. 1-4. DOI: 10.1109/wicom.2011.6040525

24. Vinicius, C., T. G. Do. MultiAuth-WoT: A Multimodal Service for Web of Things Authentication and Identification. – In: Proc. of 21st Brazilian Symposium on Multimedia and the Web, 2015, pp. 17-24.

25. Mladenov, V., C. Mainka et al. On the Security of Modern Single Sign-on Protocols – OpenID Connect 1.0. arXiv:1508.04324v1, 2015.

26. Liang, D., et al. Fault Tolerant Web Service. – In: Proc. of 10th IEEE Asia-Pacific Conference on Software Engineering, 2003, pp. 310-319.

27. Pinzón, C. I., J. Bajo, J. F. De Paz, J. M. Corchado. S-MAS: An Adaptive Hierarchical Distributed Multi-Agent Architecture for Blocking Malicious SOAP Messages within Web Services Environments. – In: Expert Systems with Applications, Vol. 38, 2011, No 5, pp. 5486-5499.

28. Somorovsky, J., A. Mayer et al. On Breaking SAML: Be Whoever You Want to Be. – In: Proc. of 21st USENIX Security Symposium, 2012, pp. 397-412.

29. Li, W., C. J. Mitchell, T. Chen. Mitigating CSRF Attacks on OAuth 2.0 and OpenID Connect. – In: Proc. of IEEE PST, 2018. DOI: 10.1109/PST.2018.8514180

30. Bekmezci, A. B., Ç. Eriş, P. S. Bölük. A Multi-Layered Approach to Securing Enterprise Applications by Using TLS, Two-Factor Authentication and Single Sign-on. – In: Proc. of 26th Signal Processing and Communications Applications Conference, 2018. DOI: 10.1109/SIU.2018.8404773

31. Benson, G., S. K. Chin, S. Croston, K. Jayaraman, S. Older. Banking on Interoperability: Secure, Interoperable Credential Management. – Computer Networks, Vol. 67, 2014, pp. 235-251. DOI: 10.1016/j.comnet.2014.03.024

32. Groß, T. Security Analysis of the SAML Single Sign-on Browser/Artifact Profile. – In: Proc. of 19th IEEE Conference on Computer Security Applications, 2003, pp. 298-307.

33. Bhargav-Spantzel, A., A. C. Squicciarini, E. Bertino. Establishing and Protecting Digital Identity in Federation Systems. – J. Comput. Security, Vol. 14, 2006, No 3, pp. 269-300. DOI: 10.3233/JCS-2006-14303

34. Ali, A., M. Afzali. Towards Securing e-Banking by an Integrated Service Model Utilizing Mobile Confirmation. – Research Inventy: International Journal of Engineering and Science, Vol. 4, 2014, No 9, pp. 26-30.

35. Ardagna, C. A., E. Damiani, F. Frati, S. Reale. Adopting Open Source for Mission-Critical Applications: A Case Study on Single Sign-on. – In: Proc. of IFIP International Conference on Open Source Systems, Springer, 2006, pp. 209-220.

36. Zeller, W., E. W. Felten. Cross-Site Request Forgeries: Exploitation and Prevention. – The New York Times, 2008, pp. 1-13.

eISSN: 1314-4081
Language: English
Publication timeframe: 4 times per year
Journal Subjects: Computer Sciences, Information Technology