摘要:Web users often find it difficult to manage their identities (IDs) due to large number of web applications. An effective and convenient ID management system is needed to handle the problem. OpenID is one of the better solutions to manage this task on heterogeneous web applications due to its lightweight and simple protocol. However, it is quite vulnerable to session hijacking, resulting in identity theft of a particular user. In this paper, we present a modified approach, based on double authentication that minimizes the risk of session hijacking in an OpenID environment.
