Comparison of OAuth/OpenID Connect Security in America and Japan

Takamichi Saito, Satoshi Shibata, Tsubasa Kikuta

Research output: Chapter in Book/Report/Conference proceeding - Conference contribution

Abstract

When we use an electronic commerce (EC) web application, the EC website authenticates users for a so-called social login that uses a social media account, e.g., Facebook, Google, or Twitter. In this case, it is mostly implemented using OAuth and OpenID Connect. However, the implementation of a website can involve privacy concerns or be vulnerable to various attacks. In this paper, we investigate the implementation of social logins for 500 American EC sites. We observed eight websites that acquired more user permissions from the SNS than necessary, and 76 websites that may be vulnerable to attacks due to improper implementation or use of a grant type not recommended by the RFC. We compared these results to the results of similar investigations into Japanese websites.

Original language: English
Title of host publication: Advances in Networked-Based Information Systems - The 23rd International Conference on Network-Based Information Systems, NBiS 2020
Editors: Leonard Barolli, Kin Fun Li, Tomoya Enokido, Makoto Takizawa
Publisher: Springer
Pages: 200-210
Number of pages: 11
ISBN (Print): 9783030578107
DOIs
Publication status: Published - 2021
Event: 23rd International Conference on Network-Based Information Systems, NBiS 2020 - Victoria, Canada
Duration: 31 Aug 2020 to 2 Sep 2020

Publication series

Name: Advances in Intelligent Systems and Computing
Volume: 1264 AISC
ISSN (Print): 2194-5357
ISSN (Electronic): 2194-5365

Conference

Conference: 23rd International Conference on Network-Based Information Systems, NBiS 2020
Country: Canada
City: Victoria
Period: 31/08/20 to 02/09/20
