论文信息 - OAuth 2.0 Threat Model and Security Considerations

OAuth 2.0 Threat Model and Security Considerations

This document gives additional security considerations for OAuth, beyond those in the OAuth 2.0 specification, based on a comprehensive threat model for the OAuth 2.0 protocol. This document is not an Internet Standards Track specification; it is published for informational purposes.

[1] Dick Hardt,et al. The OAuth 2.0 Authorization Framework , 2012, RFC.

[2] Michael B. Jones,et al. The OAuth 2.0 Authorization Framework: Bearer Token Usage , 2012, RFC.

[3] Thomas Groß,et al. Security analysis of the SAML single sign-on browser/artifact profile , 2003, 19th Annual Computer Security Applications Conference, 2003. Proceedings..

[4] Hannes Tschofenig,et al. OAuth 2.0 Message Authentication Code (MAC) Tokens , 2014 .

[5] Dan Boneh,et al. Busting frame busting a study of clickjacking vulnerabilities on popular sites , 2010 .

[6] Michael B. Jones,et al. JSON Web Token (JWT) , 2015, RFC.

[7] Eric Rescorla,et al. The Transport Layer Security (TLS) Protocol Version 1.1 , 2006, RFC.

[8] Donald E. Eastlake,et al. Randomness Requirements for Security , 2005, RFC.

[9] Punya Mishra,et al. Bindings and Profiles for the OASIS Security Assertion Markup Language (SAML) v1. 1 , 2003 .

[10] Hugo Krawczyk,et al. A Security Architecture for the Internet Protocol , 1999, IBM Syst. J..

[11] John T. Kohl,et al. The Kerberos Network Authentication Service (V5 , 2004 .