Portal de Periódicos da CAPES

A Security Analysis of OpenID

2010; Springer Science+Business Media; Linguagem: Inglês

10.1007/978-3-642-17303-5_6

1868-422X

Bart van Delft, Martijn Oostdijk,

Security and Verification in Computing

OpenID, a standard for Web single sign-on, has been gaining popularity both with Identity Providers, Relying Parties, and users. This paper collects the security issues in OpenID found by others, occasionally extended by the authors, and presents them in a uniform way. It attempts to combine the shattered knowledge into a clear overview. The aim of this paper is to raise awareness about security issues surrounding OpenID and similar standards and help shape opinions on what (not) to expect from OpenID when deployed in a not-so-friendly context.