{"id":"https://openalex.org/W2086585882","doi":"https://doi.org/10.1108/ics-12-2013-0089","title":"Security evaluation of the OAuth 2.0 framework","display_name":"Security evaluation of the OAuth 2.0 framework","publication_year":2015,"publication_date":"2015-02-26","ids":{"openalex":"https://openalex.org/W2086585882","doi":"https://doi.org/10.1108/ics-12-2013-0089","mag":"2086585882"},"language":"en","primary_location":{"id":"doi:10.1108/ics-12-2013-0089","is_oa":false,"landing_page_url":"https://doi.org/10.1108/ics-12-2013-0089","pdf_url":null,"source":{"id":"https://openalex.org/S4210195545","display_name":"Information and Computer Security","issn_l":"2056-4961","issn":["2056-4961","2056-497X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319811","host_organization_name":"Emerald Publishing Limited","host_organization_lineage":["https://openalex.org/P4310319811"],"host_organization_lineage_names":["Emerald Publishing Limited"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information & Computer Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5025576276","display_name":"Eugene Ferry","orcid":null},"institutions":[{"id":"https://openalex.org/I18452974","display_name":"Letterkenny Institute of Technology","ror":"https://ror.org/04ps1tq95","country_code":"IE","type":"education","lineage":["https://openalex.org/I18452974"]}],"countries":["IE"],"is_corresponding":true,"raw_author_name":"Eugene Ferry","raw_affiliation_strings":["Department of Computer Science, Letterkenny Institute of Technology, Letterkenny, Ireland","Dept of Computer Science, Letterkenny Institute of Technology, Letterkenny, Ireland"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Letterkenny Institute of Technology, Letterkenny, Ireland","institution_ids":["https://openalex.org/I18452974"]},{"raw_affiliation_string":"Dept of Computer Science, Letterkenny Institute of Technology, Letterkenny, Ireland","institution_ids":["https://openalex.org/I18452974"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5004799599","display_name":"John O' Raw","orcid":null},"institutions":[{"id":"https://openalex.org/I18452974","display_name":"Letterkenny Institute of Technology","ror":"https://ror.org/04ps1tq95","country_code":"IE","type":"education","lineage":["https://openalex.org/I18452974"]}],"countries":["IE"],"is_corresponding":false,"raw_author_name":"John O Raw","raw_affiliation_strings":["Deparment of Computer Science, Letterkenny Institute of Technology, Letterkenny, Ireland"],"affiliations":[{"raw_affiliation_string":"Deparment of Computer Science, Letterkenny Institute of Technology, Letterkenny, Ireland","institution_ids":["https://openalex.org/I18452974"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5002868461","display_name":"Kevin Curran","orcid":"https://orcid.org/0000-0001-5237-5355"},"institutions":[{"id":"https://openalex.org/I138801177","display_name":"University of Ulster","ror":"https://ror.org/01yp9g959","country_code":"GB","type":"education","lineage":["https://openalex.org/I138801177"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Kevin Curran","raw_affiliation_strings":["Computer Science Research Institute, University of Ulster, Londonderry, UK"],"affiliations":[{"raw_affiliation_string":"Computer Science Research Institute, University of Ulster, Londonderry, UK","institution_ids":["https://openalex.org/I138801177"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5025576276"],"corresponding_institution_ids":["https://openalex.org/I18452974"],"apc_list":null,"apc_paid":null,"fwci":8.7406,"has_fulltext":false,"cited_by_count":44,"citation_normalized_percentile":{"value":0.97470757,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":"23","issue":"1","first_page":"73","last_page":"101"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9976999759674072,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9969000220298767,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6798677444458008},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5719137191772461},{"id":"https://openalex.org/keywords/implementation","display_name":"Implementation","score":0.5175623297691345},{"id":"https://openalex.org/keywords/interoperability","display_name":"Interoperability","score":0.4759628176689148},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.4649333655834198},{"id":"https://openalex.org/keywords/popularity","display_name":"Popularity","score":0.4495844841003418},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.44471195340156555},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.42763152718544006},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.4064599871635437},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.3339277505874634},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.1882064938545227}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6798677444458008},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5719137191772461},{"id":"https://openalex.org/C26713055","wikidata":"https://www.wikidata.org/wiki/Q245962","display_name":"Implementation","level":2,"score":0.5175623297691345},{"id":"https://openalex.org/C20136886","wikidata":"https://www.wikidata.org/wiki/Q749647","display_name":"Interoperability","level":2,"score":0.4759628176689148},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.4649333655834198},{"id":"https://openalex.org/C2780586970","wikidata":"https://www.wikidata.org/wiki/Q1357284","display_name":"Popularity","level":2,"score":0.4495844841003418},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.44471195340156555},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.42763152718544006},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.4064599871635437},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.3339277505874634},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.1882064938545227},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C55493867","wikidata":"https://www.wikidata.org/wiki/Q7094","display_name":"Biochemistry","level":1,"score":0.0},{"id":"https://openalex.org/C77805123","wikidata":"https://www.wikidata.org/wiki/Q161272","display_name":"Social psychology","level":1,"score":0.0},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0},{"id":"https://openalex.org/C104317684","wikidata":"https://www.wikidata.org/wiki/Q7187","display_name":"Gene","level":2,"score":0.0},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1108/ics-12-2013-0089","is_oa":false,"landing_page_url":"https://doi.org/10.1108/ics-12-2013-0089","pdf_url":null,"source":{"id":"https://openalex.org/S4210195545","display_name":"Information and Computer Security","issn_l":"2056-4961","issn":["2056-4961","2056-497X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319811","host_organization_name":"Emerald Publishing Limited","host_organization_lineage":["https://openalex.org/P4310319811"],"host_organization_lineage_names":["Emerald Publishing Limited"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information & Computer Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/9","display_name":"Industry, innovation and infrastructure","score":0.49000000953674316}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":32,"referenced_works":["https://openalex.org/W1269365933","https://openalex.org/W1774682829","https://openalex.org/W1785797725","https://openalex.org/W1801836452","https://openalex.org/W1832830177","https://openalex.org/W1992685726","https://openalex.org/W1999867863","https://openalex.org/W2000999400","https://openalex.org/W2009829087","https://openalex.org/W2023040061","https://openalex.org/W2033128885","https://openalex.org/W2034741851","https://openalex.org/W2039800398","https://openalex.org/W2091033888","https://openalex.org/W2093532524","https://openalex.org/W2103475742","https://openalex.org/W2112995928","https://openalex.org/W2133723082","https://openalex.org/W2148728911","https://openalex.org/W2150387335","https://openalex.org/W2247000483","https://openalex.org/W2247027790","https://openalex.org/W2254160488","https://openalex.org/W2283736639","https://openalex.org/W2483303494","https://openalex.org/W2484129280","https://openalex.org/W2522120027","https://openalex.org/W2522753635","https://openalex.org/W2535155814","https://openalex.org/W2536331933","https://openalex.org/W6602848459","https://openalex.org/W6638294888"],"related_works":["https://openalex.org/W2368605798","https://openalex.org/W2348524959","https://openalex.org/W2518037665","https://openalex.org/W2368049389","https://openalex.org/W2384861574","https://openalex.org/W2952704802","https://openalex.org/W4294565801","https://openalex.org/W4377091993","https://openalex.org/W4282964075","https://openalex.org/W196322901"],"abstract_inverted_index":{"Purpose":[0],"\u2013":[1,174,408,524],"The":[2,19,118,253,271,279,290,327,340,353,374,391,452,478],"interoperability":[3],"of":[4,21,34,49,124,128,152,179,186,216,243,258,412,423,437,448,494,542,555,633],"cloud":[5],"data":[6,296,347,516],"between":[7,40,498],"web":[8,27,76,338,519],"applications":[9,57],"and":[10,25,111,134,202,267,329,364,383,402,473,484,500,520,537,567,584,598,617,693,717,731,747],"mobile":[11],"devices":[12],"has":[13,64],"vastly":[14],"improved":[15],"over":[16],"recent":[17],"years.":[18],"popularity":[20],"social":[22],"media,":[23],"smartphones":[24],"cloud-based":[26],"services":[28],"have":[29,80],"contributed":[30],"to":[31,60,75,137,144,209,275,283,286,294,379,417,420,533,572,582,587,604,608,613,623,651,689,721,727,737,743],"the":[32,45,84,93,114,122,125,138,160,177,187,197,217,229,241,244,287,298,302,304,310,317,349,380,395,404,413,438,446,508,512,518,556,564,573,591,600,619,621,630,668,672,690,701,725,764,769],"level":[33,493],"integration":[35],"that":[36,159,316,426,507,529,546,675],"can":[37,164,468,680],"be":[38,165,307,418,652,681,722,759],"achieved":[39,497],"applications.":[41],"This":[42],"paper":[43],"investigates":[44],"potential":[46],"security":[47,126,178,552,639,653],"issues":[48,483,654,754],"OAuth,":[50],"an":[51,67,103,247,264,707],"authorisation":[52,168,265,280,303,311,328,375,378,709,750],"framework":[53,509],"for":[54,72,100,362,387,696,762],"granting":[55],"third-party":[56],"revocable":[58],"access":[59,74,285,389,397,515,586,612,625],"user":[61,305,601,620,631],"data.":[62,78,406,635],"OAuth":[63,82,94,105,131,161,180,224,245,249,453,525,558,576,636,678,705,757],"rapidly":[65],"become":[66,738],"interim":[68],"de":[69],"facto":[70],"standard":[71,86,767],"protecting":[73],"API":[77],"Vendors":[79],"implemented":[81,171,465,684],"before":[83],"open":[85],"was":[87,109,194,207,232,251,314],"officially":[88],"published.":[89],"To":[90,175,239],"evaluate":[91],"whether":[92],"2.0":[95,162,454],"specification":[96,163,455,692,726],"is":[97,157,456,496,505,526,545,706,712],"truly":[98,748],"ready":[99],"industry":[101,183],"application,":[102,263],"entire":[104,248],"client":[106,262,272,318,341,354,381],"server":[107,266,281,292,331,376,393],"environment":[108,250,679],"developed":[110,350,370,669],"validated":[112,394],"against":[113,235,700],"speciation":[115],"threat":[116,139,230,703],"model.":[117,140,704],"research":[119],"also":[120,344,357],"included":[121],"analysis":[123],"features":[127],"several":[129,660],"popular":[130,190,442],"integrated":[132],"websites":[133,191],"comparing":[135],"those":[136],"High-impacting":[141],"exploits":[142],"leading":[143],"account":[145],"hijacking":[146],"were":[147,221,332,415,430,444,664],"identified":[148,222,665],"with":[149,223,655],"a":[150,166,184,261,268,335,369,470,491,578,676,745],"number":[151],"major":[153],"online":[154],"publications.":[155],"It":[156,313,589,711],"hypothesised":[158],"secure":[167,472,677],"mechanism":[169,581],"when":[170,464,683],"correctly.":[172,685],"Design/methodology/approach":[173],"analyse":[176],"implementations":[181,735],"in":[182,192,228,445,460,486,528,666,714,724,741],"list":[185,447],"50":[188,218,440],"most":[189,441],"Ireland":[193],"retrieved":[195],"from":[196,297,309,323,348,602],"statistical":[198],"website":[199],"Alexa":[200],"(Noureddine":[201],"Bashroush,":[203],"2011).":[204],"Each":[205,226],"site":[206],"analysed":[208],"identify":[210],"if":[211],"it":[212,467,504,530],"utilised":[213],"OAuth.":[214],"Out":[215],"sites,":[219],"21":[220,414,449],"support.":[225],"vulnerability":[227],"model":[231],"then":[233],"tested":[234],"each":[236,388],"OAuth-enabled":[237,277,450],"site.":[238],"test":[240],"robustness":[242],"framework,":[246],"required.":[252],"proposed":[254],"solution":[255,670],"would":[256,306,320,343,356],"compose":[257],"three":[259],"parts:":[260],"resource":[269,288,291,330,351,392],"server.":[270,289,312,352],"application":[273,319,342,355,382],"needed":[274],"consume":[276,321,345],"services.":[278],"had":[282,293],"manage":[284],"expose":[295],"database":[299],"based":[300],"on":[301,517,760,768],"given":[308,702],"decided":[315],"emails":[322],"Google\u2019s":[324],"Gmail":[325],"API.":[326],"modelled":[333],"around":[334],"basic":[336],"task-tracking":[337],"application.":[339],"task":[346],"support":[358,534],"Single":[359],"Sign":[360],"On":[361],"Google":[363],"Facebook,":[365],"as":[366,368,642],"well":[367],"identity":[371],"provider":[372,744],"\u201cMyTasks\u201d.":[373],"delegated":[377],"stored":[384],"cryptography":[385,401],"information":[386,614],"grant.":[390],"supplied":[396],"token":[398],"via":[399],"public":[400],"returned":[403],"requested":[405],"Findings":[407],"Two":[409],"sites":[410,443],"out":[411],"found":[416],"susceptible":[419],"some":[421],"form":[422],"attack,":[424],"meaning":[425],"10.5":[427],"per":[428,435],"cent":[429,436],"vulnerable.":[431],"In":[432],"total,":[433],"18":[434],"world\u2019s":[439],"sites.":[451],"still":[457,713],"very":[458],"much":[459,718],"its":[461,715],"infancy,":[462,716],"but":[463,646],"correctly,":[466],"provide":[469],"relatively":[471],"interoperable":[474,749],"authentication":[475,580,657,766],"delegation":[476],"mechanism.":[477,751],"IETF":[479,557],"are":[480,502,561,568,648,694,755],"currently":[481],"addressing":[482],"expansions":[485],"their":[487,606,634,698],"working":[488],"drafts.":[489],"Once":[490,752],"strict":[492],"conformity":[495],"vendors":[499],"vulnerabilities":[501,663],"mitigated,":[503],"likely":[506],"will":[510,758],"change":[511],"way":[513],"we":[514],"other":[521],"devices.":[522],"Originality/value":[523],"flexible,":[527],"offers":[531],"extensions":[532,548],"varying":[535],"situations":[536],"existing":[538],"technologies.":[539],"A":[540],"disadvantage":[541],"this":[543],"flexibility":[544],"new":[547,551,570],"typically":[549],"bring":[550],"exploits.":[553],"Members":[554],"Working":[559],"Group":[560],"constantly":[562],"refining":[563],"draft":[565],"specifications":[566],"identifying":[569],"threats":[571],"expanding":[574],"functionality.":[575],"provides":[577],"flexible":[579],"protect":[583],"delegate":[585],"APIs.":[588],"solves":[590],"password":[592],"re-use":[593],"across":[594],"multiple":[595],"accounts":[596],"problem":[597],"stops":[599],"having":[603],"disclose":[605],"credentials":[607],"third":[609],"parties.":[610],"Filtering":[611],"by":[615],"scope":[616],"giving":[618],"option":[622],"revoke":[624],"at":[626],"any":[627,656],"point":[628],"gives":[629],"control":[632],"does":[637],"raise":[638],"concerns,":[640],"such":[641],"defying":[643],"phishing":[644],"education,":[645],"there":[647],"always":[649],"going":[650],"technology.":[658],"Although":[659],"high":[661],"impacting":[662],"industry,":[667],"proves":[671],"predicted":[673],"hypothesis":[674],"built":[682],"Developers":[686],"must":[687],"conform":[688],"defined":[691],"responsible":[695],"validating":[697],"implementation":[699],"evolving":[708],"framework.":[710],"work":[719],"needs":[720],"done":[723],"achieve":[728],"stricter":[729],"validation":[730],"vendor":[732],"conformity.":[733],"Vendor":[734],"need":[736],"better":[739],"aligned":[740],"order":[742],"rich":[746],"these":[753],"resolved,":[756],"track":[761],"becoming":[763],"definitive":[765],"web.":[770]},"counts_by_year":[{"year":2025,"cited_by_count":7},{"year":2024,"cited_by_count":7},{"year":2023,"cited_by_count":7},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":2},{"year":2020,"cited_by_count":6},{"year":2019,"cited_by_count":3},{"year":2018,"cited_by_count":5},{"year":2017,"cited_by_count":2},{"year":2016,"cited_by_count":3},{"year":2015,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}