[OAUTH-WG] web sso study...

Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 17 April 2012 14:45 UTC

Hi all,

A recent news article [1] was brought to my attention this week
that's about a paper [2] which I've just read. While it mostly
deals with implementation and integration flaws, I'm wondering
if there's anything in there that could benefit any of the
oauth drafts. Anyone had a look at that already?

Be interesting if any similar analysis has been done on any
oauth 1.0 or 2.0 sites or implementations.

Ta,
S.

[1] http://www.itbusiness.ca/it/client/en/CDN/News.asp?id=66741
[2] https://research.microsoft.com/pubs/160659/websso-final.pdf