dc.contributor.advisor | Hämäläinen, Timo | |
dc.contributor.author | Vijayan, Anoop | |
dc.date.accessioned | 2021-01-04T07:37:36Z | |
dc.date.available | 2021-01-04T07:37:36Z | |
dc.date.issued | 2012 | |
dc.identifier.uri | https://jyx.jyu.fi/handle/123456789/73529 | |
dc.description.abstract | The combined use of OpenID and OAuth for authentication and authorization is gaining
popularity day by day in Internet. Because of its simplicity to understand, use and robustness,
they are used in many domains in web, especially where the apps and user base are huge like
social networking. Also it reduces the burden of typing the password every time for
authentication and authorization especially in hand-held gadgets.
After a simple problem scenario discussion, it is clear that the OpenID+OAuth combination has
some drawbacks from the authentication perspective. The two major problems discussed here
include problems caused due to transfer of user credentials over Internet and complexity in
setting up of two protocols separately for authentication and authorization.
Both the problems are addressed by extending OAuth2.0. By using Kerberos-like authentication,
the user has the possibility of not passing the credentials over Internet. It is worth to note that,
OAuth2.0 also uses some kind of tokens for authorizations similar to Kerberos. It could be seen
that extending OAuth2.0 to perform authentication removes the need for OpenID and its
problems completely. | en |
dc.format.extent | 81 | |
dc.format.mimetype | application/pdf | |
dc.language.iso | en | |
dc.subject.other | OpenID | |
dc.subject.other | OAuth | |
dc.subject.other | Kerberos | |
dc.title | Extending OAuth2.0 for Kerberos-like authentication to avoid Internet phishing attacks | |
dc.identifier.urn | URN:NBN:fi:jyu-202101041010 | |
dc.type.ontasot | Pro gradu -tutkielma | fi |
dc.type.ontasot | Master’s thesis | en |
dc.contributor.tiedekunta | Informaatioteknologian tiedekunta | fi |
dc.contributor.tiedekunta | Faculty of Information Technology | en |
dc.contributor.laitos | Informaatioteknologia | fi |
dc.contributor.laitos | Information Technology | en |
dc.contributor.yliopisto | Jyväskylän yliopisto | fi |
dc.contributor.yliopisto | University of Jyväskylä | en |
dc.contributor.oppiaine | Mobile Technology and Business (maisteriohjelma) | fi |
dc.contributor.oppiaine | Master's Degree Programme in Mobile Technology and Business | en |
dc.rights.copyright | Julkaisu on tekijänoikeussäännösten alainen. Teosta voi lukea ja tulostaa henkilökohtaista käyttöä varten. Käyttö kaupallisiin tarkoituksiin on kielletty. | fi |
dc.rights.copyright | This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited. | en |
dc.type.publication | masterThesis | |
dc.contributor.oppiainekoodi | 601 | |
dc.subject.yso | Internet | |
dc.subject.yso | todentaminen | |
dc.subject.yso | verkkourkinta | |
dc.subject.yso | Internet | |
dc.subject.yso | authentication | |
dc.subject.yso | phishing | |
dc.format.content | fulltext | |
dc.type.okm | G2 | |