Comparison of OAuth/OpenID Connect Security in America and Japan

Takamichi Saito, Satoshi Shibata, Tsubasa Kikuta

Research output: Conference contribution (peer-reviewed)

Abstract

When we use an electronic commerce (EC) web application, the EC website authenticates users for a so-called social login that uses a social media account, e.g., Facebook, Google, or Twitter. In this case, it is mostly implemented using OAuth and OpenID Connect. However, the implementation of a website can involve privacy concerns or be vulnerable to various attacks. In this paper, we investigate the implementation of social logins for 500 American EC sites. We observed eight websites that acquired more user permissions from SNS than necessary, and 76 websites that may be vulnerable to attacks due to improper implementation or use of grant type not recommended by RFC. We compared these results to the results of similar investigations into Japanese websites.

Original language: English
Title of host publication: Advances in Networked-Based Information Systems - The 23rd International Conference on Network-Based Information Systems, NBiS 2020
Editors: Leonard Barolli, Kin Fun Li, Tomoya Enokido, Makoto Takizawa
Publisher: Springer
Pages: 200-210
Number of pages: 11
ISBN (Print): 9783030578107
DOI
Publication status: Published - 2021
Event: 23rd International Conference on Network-Based Information Systems, NBiS 2020 - Victoria, Canada
Duration: 31 Aug 2020 to 2 Sep 2020

Publication series

Name: Advances in Intelligent Systems and Computing
1264 AISC
ISSN (Print): 2194-5357
ISSN (Electronic): 2194-5365

Conference

Conference: 23rd International Conference on Network-Based Information Systems, NBiS 2020
Country: Canada
City: Victoria
Period: 31/08/20 to 2/09/20
