Risks of the Passport Single Signon Protocol
Laxman Vembar

Single Signon
- What is single signon?
- Why use it?

Microsoft Passport
- Uses Single Signon
- Uses existing web technologies (HTTP Redirects, JavaScript, Cookies, SSL)
- Supports "Wallet" Protocol to store Personal and Credit Card Information

Passport - First Login
From Julien Couvreur's programming blog

Passport - Subsequent access
From Julien Couvreur's programming blog

Passport - Sign out
From Julien Couvreur's programming blog

General Issues with Passport
- User Interface
  - Local Site Logout vs Passport Logout
- Key Management
  - Does not talk about key generation and assignment issues
  - Uses same key to encrypt all Passport cookies
- Central Point of attack
  - Attractive for attackers
  - Susceptible to DoS attacks

General Issues contd.
- Use of cookies
  - When should they expire?
  - Logout using cookies???
- Automatic credential assignment
  - All Hotmail accounts were upgraded to Passport