67,680 research outputs found
Analysing the Security of Google's implementation of OpenID Connect
Many millions of users routinely use their Google accounts to log in to
relying party (RP) websites supporting the Google OpenID Connect service.
OpenID Connect, a newly standardised single-sign-on protocol, builds an
identity layer on top of the OAuth 2.0 protocol, which has itself been widely
adopted to support identity management services. It adds identity management
functionality to the OAuth 2.0 system and allows an RP to obtain assurances
regarding the authenticity of an end user. A number of authors have analysed
the security of the OAuth 2.0 protocol, but whether OpenID Connect is secure in
practice remains an open question. We report on a large-scale practical study
of Google's implementation of OpenID Connect, involving forensic examination of
103 RP websites which support its use for sign-in. Our study reveals serious
vulnerabilities of a number of types, all of which allow an attacker to log in
to an RP website as a victim user. Further examination suggests that these
vulnerabilities are caused by a combination of Google's design of its OpenID
Connect service and RP developers making design decisions which sacrifice
security for simplicity of implementation. We also give practical
recommendations for both RPs and OPs to help improve the security of real world
OpenID Connect systems
Protecting Fundamental Labor Rights: Lessons from Canada for the United States
This paper examines the decline in unionization in the United States that began to occur in about 1960. While various explanations have been put forward to explain this -- with many focusing on some form of structural changes to the economy or to the workforce, usually related to globalization or technological progress -- this paper focuses on the role that employer opposition to unions has played, together with relatively weak labor law. In order to fully flesh out the experience of the United States, it looks to the experience of Canada as the country most similar to it
Recommended from our members
FY2018 National Defense Authorization Act: Selected Military Personnel Issues
[Excerpt] Military personnel issues typically generate significant interest from many Members of Congress and their staffs. This report provides a brief synopsis of selected sections in the National Defense Authorization Act for FY2018 (H.R. 2810), as passed by the House on July 14, 2017, and the Senate on September 18, 2017. The FY2018 NDAA conference report was passed by the House on November 14, 2017, and the Senate on November 16, 2017. On December 12, President Donald J. Trump signed the bill into law (P.L. 115-91). Issues include military end-strengths, pay and benefits, and other personnel policy issues.
This report focuses exclusively on the NDAA legislative process. It does not include language concerning appropriations, or tax implications of policy choices, topics that are addressed in other CRS products. Issues that have been discussed in the previous yearâs defense personnel reports are designated with an asterisk in the relevant section titles of this report
The President and Nuclear Weapons: Authorities, Limits, and Process
There is no more consequential decision for a president than ordering a nuclear strike. In the Cold War, the threat of sudden nuclear annihilation necessitated procedures emphasizing speed and efficiency and placing sole decision-making authority in the presidentâs hands. In todayâs changed threat environment, the legal authorities and process a U.S. president would confront when making this grave decision merit reexamination. This paper serves as a resource in the national discussion about a presidentâs legal authority and the procedures for ordering a nuclear strike, and whether to update them
- âŠ