{"id":"https://openalex.org/W3032863003","doi":"https://doi.org/10.1145/3386723.3387888","title":"Web OAuth-based SSO Systems Security","display_name":"Web OAuth-based SSO Systems Security","publication_year":2020,"publication_date":"2020-03-31","ids":{"openalex":"https://openalex.org/W3032863003","doi":"https://doi.org/10.1145/3386723.3387888","mag":"3032863003"},"language":"en","primary_location":{"id":"doi:10.1145/3386723.3387888","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3386723.3387888","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 3rd International Conference on Networking, Information Systems &amp; Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5077382626","display_name":"Yassine Sadqi","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Yassine Sadqi","raw_affiliation_strings":["Laboratory LIMATI, FPBM, USMS University, Beni Mellal, Morocco"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Laboratory LIMATI, FPBM, USMS University, Beni Mellal, Morocco","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5009966539","display_name":"Yousra Belfaik","orcid":"https://orcid.org/0009-0000-6270-882X"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Yousra Belfaik","raw_affiliation_strings":["Laboratory LIMATI, FPBM, USMS University, Beni Mellal, Morocco"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Laboratory LIMATI, FPBM, USMS University, Beni Mellal, Morocco","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5068940327","display_name":"Said Safi","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Said Safi","raw_affiliation_strings":["Laboratory LIMATI, FPBM, USMS Univesity, Beni Mellal, Morocco"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Laboratory LIMATI, FPBM, USMS Univesity, Beni Mellal, Morocco","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":2.2279,"has_fulltext":false,"cited_by_count":12,"citation_normalized_percentile":{"value":0.90584768,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"7"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9955999851226807,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.9937999844551086,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/single-sign-on","display_name":"Single sign-on","score":0.8281375765800476},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7488443851470947},{"id":"https://openalex.org/keywords/password","display_name":"Password","score":0.7137855291366577},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6425262093544006},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.5865684151649475},{"id":"https://openalex.org/keywords/implementation","display_name":"Implementation","score":0.5354613661766052},{"id":"https://openalex.org/keywords/web-application-security","display_name":"Web application security","score":0.5341132283210754},{"id":"https://openalex.org/keywords/authorization","display_name":"Authorization","score":0.48259198665618896},{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.4737183451652527},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.43673160672187805},{"id":"https://openalex.org/keywords/web-service","display_name":"Web service","score":0.33619505167007446},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.18742531538009644},{"id":"https://openalex.org/keywords/web-development","display_name":"Web development","score":0.1781969964504242}],"concepts":[{"id":"https://openalex.org/C2776362682","wikidata":"https://www.wikidata.org/wiki/Q568494","display_name":"Single sign-on","level":3,"score":0.8281375765800476},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7488443851470947},{"id":"https://openalex.org/C109297577","wikidata":"https://www.wikidata.org/wiki/Q161157","display_name":"Password","level":2,"score":0.7137855291366577},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6425262093544006},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.5865684151649475},{"id":"https://openalex.org/C26713055","wikidata":"https://www.wikidata.org/wiki/Q245962","display_name":"Implementation","level":2,"score":0.5354613661766052},{"id":"https://openalex.org/C59241245","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Web application security","level":4,"score":0.5341132283210754},{"id":"https://openalex.org/C108759981","wikidata":"https://www.wikidata.org/wiki/Q788590","display_name":"Authorization","level":2,"score":0.48259198665618896},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.4737183451652527},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.43673160672187805},{"id":"https://openalex.org/C35578498","wikidata":"https://www.wikidata.org/wiki/Q193424","display_name":"Web service","level":2,"score":0.33619505167007446},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.18742531538009644},{"id":"https://openalex.org/C79373723","wikidata":"https://www.wikidata.org/wiki/Q386275","display_name":"Web development","level":3,"score":0.1781969964504242}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3386723.3387888","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3386723.3387888","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 3rd International Conference on Networking, Information Systems &amp; Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":12,"referenced_works":["https://openalex.org/W1785797725","https://openalex.org/W2087226776","https://openalex.org/W2112995928","https://openalex.org/W2126123233","https://openalex.org/W2133723082","https://openalex.org/W2229250518","https://openalex.org/W2398053170","https://openalex.org/W2399231848","https://openalex.org/W2400427673","https://openalex.org/W2512714308","https://openalex.org/W2752929869","https://openalex.org/W2766106797"],"related_works":["https://openalex.org/W2075096692","https://openalex.org/W2728487846","https://openalex.org/W4386427074","https://openalex.org/W2156201195","https://openalex.org/W2613374639","https://openalex.org/W2187625726","https://openalex.org/W2371044121","https://openalex.org/W1967778478","https://openalex.org/W2045248154","https://openalex.org/W4313139008"],"abstract_inverted_index":{"In":[0,75,90],"the":[1,19,24,36,110,123,130,133,140,143,150,155,163],"present":[2],"digital":[3],"world,":[4],"users":[5],"have":[6,94],"to":[7,51,56,154],"access":[8],"multiple":[9],"applications":[10],"for":[11,30],"carrying":[12],"out":[13],"their":[14],"day-to-day":[15],"business":[16],"activities.":[17],"As":[18],"amount":[20],"of":[21,26,38,84,135,142],"apps":[22],"increase,":[23],"number":[25],"credentials":[27],"(e.g.":[28],"username/password)":[29],"each":[31,136],"user":[32,58],"increases":[33],"and":[34,73,128,147,159],"thereby":[35],"possibility":[37],"losing":[39],"or":[40,104],"forgetting":[41],"them":[42],"also":[43],"increases.":[44],"Single":[45],"Sign-On":[46],"(SSO)":[47],"can":[48],"be":[49],"used":[50],"solve":[52],"many":[53],"problems":[54,108,152],"related":[55,153],"web":[57],"authentication.":[59],"OAuth-based":[60,85],"SSO":[61,86],"Systems":[62],"are":[63],"widely":[64],"deployed":[65],"by":[66],"big":[67],"tech":[68],"companies":[69],"such":[70],"as":[71],"Facebook":[72],"Google.":[74],"this":[76],"paper":[77,115],"we":[78],"provide":[79],"an":[80],"in-depth":[81],"review":[82],"analysis":[83],"systems":[87],"security":[88,107,141,151],"issues.":[89],"fact,":[91],"previous":[92],"efforts":[93],"been":[95],"aimed":[96],"either":[97],"at":[98,105],"finding":[99,106],"errors":[100],"in":[101,121,162],"specific":[102],"implementations,":[103],"within":[109],"specification":[111,158],"itself.":[112],"The":[113],"main":[114],"contribution":[116],"is":[117],"twofold:":[118],"(1)":[119],"describe":[120],"detail":[122],"OAuth":[124,144,156],"2.0":[125,145,157],"authorization":[126],"flows":[127,134],"summarize":[129],"differences":[131],"between":[132],"scenario":[137],"that":[138],"affect":[139],"protocol,":[146],"(2)":[148],"examine":[149],"its":[160],"implementation":[161],"Web":[164],"environment.":[165]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":3},{"year":2021,"cited_by_count":2},{"year":2020,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}
