ROMEO: ReputatiOn Model Enhancing OpenID Simulator
نویسندگان
چکیده
OpenID is a standard decentralized initiative aimed at allowing Internet users to use the same personal account to access different services. Since it does not rely on any central authority, it is hard for such users or other entities to validate the trust level of each entity deployed in the system. Some research has been conducted to handle this issue, defining a reputation framework to determine the trust level of a relying party based on past experiences. However, this framework has been proposed in a theoretical way and some deeper analysis and validation is still missing. Our main contribution in this paper consist of a simulation environment able to validate the feasibility of the reputation framework and analyze its behaviour within different scenarios.
منابع مشابه
PseudoID: Enhancing Privacy for Federated Login
PseudoID is a federated login system that protects users from disclosure of private login data held by identity providers. We offer a proof of concept implementation of PseudoID based on blind digital signatures that is backward-compatible with a popular federated login system named OpenID. We also propose several extensions and discuss some of the practical challenges that must be overcome to ...
متن کاملRomeo: A Parametric Model-Checker for Petri Nets with Stopwatches
Last time we reported on Romeo, analyses with this tool were mostly based on translations to other tools. This new version provides an integrated TCTL model-checker and has gained in expressivity with the addition of parameters. Although there exists other tools to compute the state-space of stopwatch models, Romeo is the first one that performs TCTL model-checking on stopwatch models. Moreover...
متن کاملSystematically breaking and fixing OpenID security: Formal analysis, semi-automated empirical evaluation, and practical countermeasures
OpenID 2.0 is a user-centric Web single sign-on protocol with over one billion OpenIDenabled user accounts, and tens of thousands of supporting websites. While the security of the protocol is clearly critical, so far its security analysis has only been done in a partial and ad-hoc manner. This paper presents the results of a systematic analysis of the protocol using both formal model checking a...
متن کاملTrust and Reputation Models Comparison
Purpose – The purpose of this paper is to analyse and describe several trust and reputation models for distributed and heterogeneous networks and compare some of them in order to provide an evaluation amongst some of the most relevant works in this field. Design/methodology/approach – The authors have developed a trust and reputation models simulator for wireless sensor networks, called TRMSim-...
متن کاملAnalysing the Security of Google's Implementation of OpenID Connect
Many millions of users routinely use their Google accounts to log in to relying party (RP) websites supporting the Google OpenID Connect service. OpenID Connect, a newly standardised single-sign-on protocol, builds an identity layer on top of the OAuth 2.0 protocol, which has itself been widely adopted to support identity management services. It adds identity management functionality to the OAu...
متن کامل