Analysing the Security of Google's implementation of OpenID Connect

Many millions of users routinely use their Google accounts to log in to relying party (RP) websites supporting the Google OpenID Connect service. OpenID Connect, a newly standardised single-sign-on protocol, builds an identity layer on top of the OAuth 2.0 protocol, which has itself been widely adopted to support identity management services. It adds identity management functionality to the OAuth 2.0 system and allows an RP to obtain assurances regarding the authenticity of an end user. A number of authors have analysed the security of the OAuth 2.0 protocol, but whether OpenID Connect is secure in practice remains an open question. We report on a large-scale practical study of Google's implementation of OpenID Connect, involving forensic examination of 103 RP websites which support its use for sign-in. Our study reveals serious vulnerabilities of a number of types, all of which allow an attacker to log in to an RP website as a victim user. Further examination suggests that these vulnerabilities are caused by a combination of Google's design of its OpenID Connect service and RP developers making design decisions which sacrifice security for simplicity of implementation. We also give practical recommendations for both RPs and OPs to help improve the security of real world OpenID Connect systems

Long-term changes in soil microbial communities during primary succession

Soil microbial communities (SMCs) play a critical role in the cycling of carbon and nutrients in terrestrial ecosystems, as well as regulating plant productivity and diversity. However, very little is known about long-term (decades-centuries) structural changes in these communities. The development of aboveground-belowground linkages during century-scale succession is also poorly understood. Our study addressed this knowledge gap by investigating SMC and plant communities undergoing primary succession on an 850-year chronosequence of lava flows in Iceland. We hypothesised that communities of microfungi and bacteria would respond to progressive changes in vegetation and that SMC diversity would increase with terrain age. Soil samples were collected from three lava flows at different stages of primary succession (165, 621 and 852 years after lava flow emplacement). Plant community composition was surveyed as the samples were collected. The composition of the SMCs present in the soil was determined using amplicon pyrosequencing. The physical and chemical properties of the soil were also analysed. The results of the study indicated changes in plant and fungal communities with increasing terrain age. Distinct plant and fungal assemblages were identified on the three sites and both communities became richer and more diverse with increasing terrain age. There was also evidence to suggest the development of mycorrhizal associations on older sites. In contrast, the composition and structure of the bacterial communities did not change systematically with terrain age. Similarly, there were few changes in soil properties: SOM concentrations and pH, both of which have been demonstrated to be important to SMCs, were constant across the chronosequence. These results suggest that plant community composition is significant for fungal communities, but less relevant for bacterial communities. This finding has implications for studies of primary succession and the biogeochemical impact of vegetation change in high-latitude ecosystems.This work was funded by a Small Ecological Project Grant from the British Ecological Society (grant number 2812/3507) and grants from the John Fell Fund, University of Oxford (grant number 091/148) and Trinity College, University of Cambridge.This is the accepted manuscript. The final version is available at http://www.sciencedirect.com/science/article/pii/S003807171300429X

Analysing multiparticle quantum states

The analysis of multiparticle quantum states is a central problem in quantum information processing. This task poses several challenges for experimenters and theoreticians. We give an overview over current problems and possible solutions concerning systematic errors of quantum devices, the reconstruction of quantum states, and the analysis of correlations and complexity in multiparticle density matrices.Comment: 20 pages, 4 figures, prepared for proceedings of the "Quantum [Un]speakables II" conference (Vienna, 2014

Changes to regulations and the gear used in the South African commercial fishery for Jasus lalandii

Alterations to the operational fishing gear used in the South African west coast rock lobster Jasus lalandii fishery and their resultant impacts are investigated. The most important developments have been: (i) a change during the 1960s from hand-hauled hoopnets to winch-hauled traps, with a concomitant modification of vessels; (ii) the introduction of deck-grid sorters in 1975; (iii) an increase during 1984 of minimum mesh aperture from 62 to 100 mm (stretched), with a concomitant decrease in the length of the trap codend; (iv) a decrease in the minimum legal size during the early1990s; and (v) the introduction of bottom-grid traps in 1994. Most of these alterations have been driven by a tradeoff between the need for greater operational efficiency and concerns surrounding the issue of how best to deal with the problem of catching and releasing specimens smaller than the minimum legal size.Keywords: fishing gear, fishing regulations, Jasus lalandii, rock lobsterAfrican Journal of Marine Science 2002, 24: 365–36

Trap selectivity and the effects of altering gear design in the South African rock lobster Jasus lalandii commercial fishery

The current trap fishery for the West Coast rock lobster Jasus lalandii in South African waters results in the capture, sorting and release of large numbers of undersized animals. Once removed from the water, they are vulnerable to damage from numerous sources. Even sub-lethal injury may result in a considerable reduction to individual productivity through decreased growth or reproductive potential. Given that the J. lalandii resource is heavily depleted, such wastage may have severe repercussions for the sustainability of the fishery. In an attempt to reduce these losses, 20% of the fishing gear used by the rock lobster industry has been modified to include grids designed to allow undersized rock lobsters (mainly females) to escape the traps before they are hauled. The efficiency of this gear (and two alternatives) was assessed by comparison with standard commercial gear over a range of fishing grounds. Results indicated that, in comparison to standard commercial traps, none of the alternative trap designs would be beneficial to the fishery in the long term, provided that overnight sets remain the most common fishing method. SELECT models were used to evaluate the fishing properties of commercial and bottom-grid traps relative to those of control (fine-mesh) traps. The results indicated that, given the choice, a rock lobster would preferentially enter a commercial trap, followed by a control trap, with bottom-grid traps being the least attractive. This suggests some level of saturation of control traps, a possibility that is of particular concern because the control trap design is used in a fishery-independent monitoring survey.Keywords: escape gaps, Jasus lalandii, rock lobster, SELECT models, trap selectivityAfrican Journal of Marine Science 2002, 24: 37–4

Scheikundig Onderzoek van Eenige Op Java Voorkomende Minerale Watern.

v. ; 27 cm.Publication suspended Mar. 1942-May 1946

Optical interconnect with densely integrated plasmonic modulator and germanium photodetector arrays

We demonstrate the first chip-to-chip interconnect utilizing a densely integrated plasmonic Mach-Zehnder modulator array operating at 3 x 10 Gbit/s. A multicore fiber provides a compact optical interface, while the receiver consists of germanium photodetectors

Ultra-long-TE arterial spin labeling reveals rapid and brain-wide blood-to-CSF water transport in humans

The study of brain clearance mechanisms is an active area of research. While we know that the cerebrospinal fluid (CSF) plays a central role in one of the main existing clearance pathways, the exact processes for the secretion of CSF and the removal of waste products from tissue are under debate. CSF is thought to be created by the exchange of water and ions from the blood, which is believed to mainly occur in the choroid plexus. This exchange has not been thoroughly studied in vivo. We propose a modified arterial spin labeling (ASL) MRI sequence and image analysis to track blood water as it is transported to the CSF, and to characterize its exchange from blood to CSF. We acquired six pseudo-continuous ASL sequences with varying labeling duration (LD) and post-labeling delay (PLD) and a segmented 3D-GRASE readout with a long echo train (8 echo times (TE)) which allowed separation of the very long-T2 CSF signal. ASL signal was observed at long TEs (793 ms and higher), indicating presence of labeled water transported from blood to CSF. This signal appeared both in the CSF proximal to the choroid plexus and in the subarachnoid space surrounding the cortex. ASL signal was separated into its blood, gray matter and CSF components by fitting a triexponential function with T2s taken from literature. A two-compartment dynamic model was introduced to describe the exchange of water through time and TE. From this, a water exchange time from the blood to the CSF (Tbl->CSF) was mapped, with an order of magnitude of approximately 60 s

Nonlocal problems for quasilinear functional partial differential equations of first order

Existence and uniqueness of almost everywhere solutions of nonlocal problems to functional partial differential systems in diagonal form are investigated. The proof is based on the characteristics and fixed point methods