[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[DotGNU]On Security Risks for Single Sign-on

From: Jean Camp
Subject: [DotGNU]On Security Risks for Single Sign-on
Date: Wed, 8 Aug 2001 17:39:44 +0100

No brain surgery in there, but dotgnu removes the single point of attack and also the cookies problem. Of course no system can fix the trojan window problem described by Alma Whitten of CMU.

"As just mentioned, one of the constraints of Passport is that it was designed to use existing web technologies, so that clients and servers need not be modified. The protocol leverages HTTP redirects, Javascript, cookies, and SSL. While Javascript is not absolutely required, it is highly recommended. Some of the attacks described below result from some fundamental problems with security on the web, and in particular, the public key infrastructure that is built into browsers. As such, they are not specific to Passport, but nonetheless represent risks of using that system (and
any system subject to these constraints). "
This message in no way represents the opinions of Harvard. Any opinions, thoughts, and misspellings are entirely my own. The contents of this message authored by Jean Camp are copyrighted, Camp, on the date of transmittal.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]