Journal: International Journal of Computer Science and Network Security
Print ISSN: 1738-7906
Publication year: 2017
Volume: 17
Issue: 10
Pages: 198-211
Publisher: International Journal of Computer Science and Network Security
Abstract: OpenID is a widely used identity management system (IdMS) by which identity providers (IdPs) provide their users with 'open' identities that can be used to log in to particular relying parties (RPs). OpenID implements a single sign-on (SSO) solution that reduces the number of authentication credentials that are required. An SSO permits users to authenticate themselves to many service providers (SPs) by using one set of authentication credentials. OpenID is faster and easier than the traditional method, which requires the user to manage a large number of digital identities, since each SP only recognises the identity it has issued. The traditional method increases the security risk of identity theft and, at the same time, forms an obstacle with regard to user convenience. The aim of this paper is to analyse the security of OpenID by identifying its weaknesses and vulnerabilities using OWASP tools, and to enhance OpenID's current protocols by proposing a novel high-level integration model of OpenID and Higgins (an Information Card based IdMS).