• DocumentCode
    1581878
  • Title

    OpenID and the Enterprise: A Model-Based Analysis of Single Sign-On Authentication

  • Author

    Bellamy-McIntyre, Jacob ; Lutteroth, Christof ; Weber, Gerald

  • Author_Institution
    Dept. of Comput. Sci., Univ. of Auckland, Auckland, New Zealand
  • fYear
    2011
  • Firstpage
    129
  • Lastpage
    138
  • Abstract
    Single sign-on (SSO) protocols allow one person to use the same login credentials for several organizations. Enterprises face increasing competitive pressure to position themselves with regard to SSO, yet the ramifications of a move to SSO are not fully understood. In this paper we discuss OpenID, a relatively new SSO protocol that is gaining traction on the web. We apply enterprise application modelling techniques to OpenID in order to obtain well-founded decision aids for enterprises: we show how published modelling approaches can be used to analyse risks in OpenID, and show that these can identify security problems with common OpenID practice. Finally, we propose analysis principles that condense important general insights of authentication modelling.
  • Keywords
    authorisation; corporate modelling; protocols; OpenID; SSO protocol; enterprise application modelling techniques; model-based analysis; security problems; single sign-on authentication; single sign-on protocols; Analytical models; Authentication; Educational institutions; Protocols; Servers; Unified modeling language; Authentication; Models; OpenID; SSO;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Enterprise Distributed Object Computing Conference (EDOC), 2011 15th IEEE International
  • Conference_Location
    Helsinki
  • ISSN
    1541-7719
  • Print_ISBN
    978-1-4577-0362-1
  • Electronic_ISBN
    1541-7719
  • Type

    conf

  • DOI
    10.1109/EDOC.2011.26
  • Filename
    6037567