Abstract
Recent practical studies have revealed that widely used identity management schemes such as OAuth 2.0 and OpenID Connect are often poorly implemented by relying parties, and that very serious vulnerabilities result. Moreover, any system relying on browser redirections, as OAuth 2.0 and OpenID Connect do, is vulnerable to web-spoofing and phishing attacks. Many of these vulnerabilities would disappear if the user's browser (or another agent under user control) remained in charge of which credentials are divulged to whom, and when. We outline a system known as Uni-IdM, which has been successfully prototyped and which provides a generic service of this type. Through the installation of a simple JavaScript plugin, the user is given a unified means of managing and using all his or her credentials via a simple and intuitive interface that works with a multiplicity of identity management systems. This not only reduces the risk of credential and/or account compromise, but also greatly simplifies the user's credential management and gives the user a much clearer view of which end parties are being sent user information.
Copyright information
© 2015 Springer Fachmedien Wiesbaden
About this paper
Cite this paper
Li, W., Mitchell, C.J. (2015). Addressing Threats to Real-World Identity Management Systems. In: Reimer, H., Pohlmann, N., Schneider, W. (eds) ISSE 2015. Springer Vieweg, Wiesbaden. https://doi.org/10.1007/978-3-658-10934-9_21
DOI: https://doi.org/10.1007/978-3-658-10934-9_21
Publisher Name: Springer Vieweg, Wiesbaden
Print ISBN: 978-3-658-10933-2
Online ISBN: 978-3-658-10934-9
eBook Packages: Computer Science (R0)