[1] C. Yue, "The devil is phishing: rethinking web single sign-on systems security," Proceedings of 6th USENIX Workshop on Large-Scale Exploits and Emergent Threats, Aug. 2013.
[2] D. Hardt, "The OAuth 2.0 authorization framework," RFC 6749, Oct. 2012.
[3] OpenID.net, "OpenID connect core 1.0 incorporating errata set 1," https://openid.net/specs/openid-connect-core-1_0.html, Sep. 2021.
[4] OASIS, "Assertions and protocols for the OASIS security assertion markup language (SAML) V2.0," http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf, Sep. 2021.
[5] S.T. Sun and K. Beznosov, "The devil is in the (implementation) details: An empirical analysis of OAuth SSO systems," Proceedings of 2012 ACM Conference on Computer and Communications Security, pp. 378-390, Oct. 2012.
[6] OpenID.net, "OpenID connect back-channel logout 1.0 - draft 06," https://openid.net/specs/openid-connect-backchannel-1_0.html, Sep. 2021.
[7] M. Ghasemisharif, A. Ramesh, S. Checkoway, C. Kanich, and J. Polakis, "O single sign-off, where art thou? An empirical analysis of single sign-on account hijacking and session management on the web," Proceedings of 27th USENIX Security Symposium, pp. 1475-1492, Aug. 2018.
[8] GitHub, "Puppeteer," https://github.com/puppeteer/puppeteer, Sep. 2021.
[9] R. Yang, G. Li, W.C. Lau, K. Zhang, and P. Hu, "Model-based security testing: an empirical study on OAuth 2.0 implementations," Proceedings of 11th ACM on Asia Conference on Computer and Communications Security, pp. 651-662, May 2016.
[10] J.D. Clercq, "Single sign-on architectures," Proceedings of International Conference on Infrastructure Security, LNCS 2437, pp. 40-58, Oct. 2002.