PSU CSE 543 - Risks of the Passport Single Signon Protocol

Unformatted text preview:

Risks of thePassport SingleSignon Protocol-Laxman VembarSingle Signon What is single signon? Why use it?Microsoft Passport Uses Single Signon Uses existing web technologies (HTTPRedirects, Javascript, Cookies, SSL) Supports “Wallet” Protocol to storePersonal and Credit Card InformationPassport - First Login From Julien Couvreur's programming blogPassport - Subsequent access From Julien Couvreur's programming blogPassport - Sign out From Julien Couvreur's programming blogGeneral Issues with Passport User Interface Local Site Logout vs Passport Logout Key Management Does not talk about key generation andassignment issues uses same key to encrypt all passport cookies Central Point of attack Attractive for attackers Susceptible to DOS attacksGeneral Issues contd. Use of cookies when should they expire? Logout using cookies??? Automatic credential assignment All hotmail accounts were upgraded topassport


View Full Document

PSU CSE 543 - Risks of the Passport Single Signon Protocol

Documents in this Course
Agenda

Agenda

14 pages

HYDRA

HYDRA

11 pages

PRIMA

PRIMA

15 pages

CLIMATE

CLIMATE

15 pages

Load more
Download Risks of the Passport Single Signon Protocol
Our administrator received your request to download this document. We will send you the file to your email shortly.
Loading Unlocking...
Login

Join to view Risks of the Passport Single Signon Protocol and access 3M+ class-specific study document.

or
We will never post anything without your permission.
Don't have an account?
Sign Up

Join to view Risks of the Passport Single Signon Protocol 2 2 and access 3M+ class-specific study document.

or

By creating an account you agree to our Privacy Policy and Terms Of Use

Already a member?