Extending OAuth2.0 for Kerberos-like authentication to avoid Internet phishing attacks
Tekijät
Päivämäärä
2012The combined use of OpenID and OAuth for authentication and authorization is gaining
popularity day by day in Internet. Because of its simplicity to understand, use and robustness,
they are used in many domains in web, especially where the apps and user base are huge like
social networking. Also it reduces the burden of typing the password every time for
authentication and authorization especially in hand-held gadgets.
After a simple problem scenario discussion, it is clear that the OpenID+OAuth combination has
some drawbacks from the authentication perspective. The two major problems discussed here
include problems caused due to transfer of user credentials over Internet and complexity in
setting up of two protocols separately for authentication and authorization.
Both the problems are addressed by extending OAuth2.0. By using Kerberos-like authentication,
the user has the possibility of not passing the credentials over Internet. It is worth to note that,
OAuth2.0 also uses some kind of tokens for authorizations similar to Kerberos. It could be seen
that extending OAuth2.0 to perform authentication removes the need for OpenID and its
problems completely.
...
Metadata
Näytä kaikki kuvailutiedotKokoelmat
- Pro gradu -tutkielmat [29743]
Lisenssi
Samankaltainen aineisto
Näytetään aineistoja, joilla on samankaltainen nimeke tai asiasanat.
-
Exploring Azure Active Directory Attack Surface : Enumerating Authentication Methods with Open-Source Intelligence Tools
Syynimaa, Nestori (SCITEPRESS Science And Technology Publications, 2022)Azure Active Directory (Azure AD) is Microsoft’s identity and access management service used globally by 90 per cent of Fortune 500 companies and many other organisations. Recent attacks by nation-state adversaries have ... -
An Efficient and Privacy-Preserving Blockchain-Based Authentication Scheme for Low Earth Orbit Satellite Assisted Internet of Things
Wang, Biying; Chang, Zheng; Li, Shancang; Hämäläinen, Timo (Institute of Electrical and Electronics Engineers (IEEE), 2022)Recently, integrating satellite networks (e.g. Low-earth-orbit satellite constellation) into the Internet of Things (IoT) ecosystem has emerged as a potential paradigm to provide more reliable, ubiquitous and seamless ... -
Authorized authentication evaluation framework for constrained environments
Poikolainen, Janne (2016)Internetin kasvu ei perustu tällä hetkellä vain uusien solmujen määrään, vaan Internet on levittäytymässä aivan uusille alueille. Viimeaikoina erilaiset tavat kerätä tietoa ja ohjata laitteita uusin tavoin ovat yleistyneet ... -
The extended therapy room coming from an authentic place... : a phenomenological-hermeneutic study of my experiences as a psychotherapist in the Extended Therapy Room
Håkansson, Carina (2014)Many times over the years as I've worked in the Extended Therapy Room in situations with others I have asked myself what in the work we do touches and affects, and what part I as a psychotherapist play in that. In what way ... -
The State of Phishing : An Analysis on The Indicators of Phishing Attacks
Airaksinen, Miku (2022)Tämän Pro Gradu -tutkielman tavoitteena oli analysoida kalasteluviestinnän sisältöä ja määritellä ne viestinnän piirteet, jotka viestinnän vastaanottava käyttäjä pystyy tunnistamaan kalastelun indikaattoreiksi. Tätä työtä ...
Ellei toisin mainittu, julkisesti saatavilla olevia JYX-metatietoja (poislukien tiivistelmät) saa vapaasti uudelleenkäyttää CC0-lisenssillä.