SlideShare a Scribd company logo

Open ID Security Issues

Download as PPT, PDF
Ashish Jain
Ashish Jain

This document summarizes known security issues with the OpenID protocol specification and implementation, including issues related to the browser being a man-in-the-middle for messages, session swapping vulnerabilities, HTML discovery and phishing risks, and end-entity man-in-the-middle attacks between relying parties and identity providers. It provides examples of how protocol specifications and security profiles have helped to address some of these issues but notes that further work is still needed to fully mitigate risks.

Technology
1 of 12
OpenID Security Issues Ashish Jain & Andrew Nash & Jeff Hodges, PayPal Information Risk Management OpenID Summit 2-Nov-2009
Overview ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Protocol Spec Security Issues ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Browser as Man-in-the-middle ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Session Swapping               (1) ,[object Object],[object Object],[object Object],[object Object],[object Object]
Session Swapping               (2) ,[object Object],[object Object],[object Object],[object Object]
Browser/HTTP/Web Issues ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
HTML discovery / Phishing ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
End-entity Man-in-the-middle (RP/OP spoof'g) ,[object Object],[object Object],[object Object],[object Object],[object Object]
Implementation & deployment practices ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Various items not mentioned above ,[object Object],[object Object],[object Object]
End

Recommended

AI Machine vs Human
AI Machine vs HumanAI Machine vs Human
AI Machine vs Humanantimo musone
 
Top 5 types of business loans in india
Top 5 types of business loans in indiaTop 5 types of business loans in india
Top 5 types of business loans in indiaMyMoneyMantra
 
Attacking SSO (SAML) - Breaking into the front door of Authentication
Attacking SSO (SAML) - Breaking into the front door of AuthenticationAttacking SSO (SAML) - Breaking into the front door of Authentication
Attacking SSO (SAML) - Breaking into the front door of AuthenticationAmit Kumar
 
Password protection
Password protection Password protection
Password protection JamaicaLeslieNoveno
 
25 Biggest Company and Product Failures
25 Biggest Company and Product Failures25 Biggest Company and Product Failures
25 Biggest Company and Product FailuresJesse Daniel
 
Unusual Web Bugs
Unusual Web BugsUnusual Web Bugs
Unusual Web Bugsamiable_indian
 
Web Bugs
Web BugsWeb Bugs
Web BugsDr Rushi Raval
 
AppSec 2007 - .NET Web Services Hacking
AppSec 2007 - .NET Web Services HackingAppSec 2007 - .NET Web Services Hacking
AppSec 2007 - .NET Web Services HackingShreeraj Shah
 

Recommended

AI Machine vs Human
AI Machine vs HumanAI Machine vs Human
AI Machine vs Humanantimo musone
 
Top 5 types of business loans in india
Top 5 types of business loans in indiaTop 5 types of business loans in india
Top 5 types of business loans in indiaMyMoneyMantra
 
Attacking SSO (SAML) - Breaking into the front door of Authentication
Attacking SSO (SAML) - Breaking into the front door of AuthenticationAttacking SSO (SAML) - Breaking into the front door of Authentication
Attacking SSO (SAML) - Breaking into the front door of AuthenticationAmit Kumar
 
Password protection
Password protection Password protection
Password protection JamaicaLeslieNoveno
 
25 Biggest Company and Product Failures
25 Biggest Company and Product Failures25 Biggest Company and Product Failures
25 Biggest Company and Product FailuresJesse Daniel
 
Unusual Web Bugs
Unusual Web BugsUnusual Web Bugs
Unusual Web Bugsamiable_indian
 
Web Bugs
Web BugsWeb Bugs
Web BugsDr Rushi Raval
 
AppSec 2007 - .NET Web Services Hacking
AppSec 2007 - .NET Web Services HackingAppSec 2007 - .NET Web Services Hacking
AppSec 2007 - .NET Web Services HackingShreeraj Shah
 
Web Application Security and Release of "WhiteHat Arsenal"
Web Application Security and Release of "WhiteHat Arsenal"Web Application Security and Release of "WhiteHat Arsenal"
Web Application Security and Release of "WhiteHat Arsenal"Jeremiah Grossman
 
StartPad Countdown 2 - Startup Security: Hacking and Compliance in a Web 2.0 ...
StartPad Countdown 2 - Startup Security: Hacking and Compliance in a Web 2.0 ...StartPad Countdown 2 - Startup Security: Hacking and Compliance in a Web 2.0 ...
StartPad Countdown 2 - Startup Security: Hacking and Compliance in a Web 2.0 ...Start Pad
 
Defcon9 Presentation2001
Defcon9 Presentation2001Defcon9 Presentation2001
Defcon9 Presentation2001Miguel Ibarra
 
Web Application Security - "In theory and practice"
Web Application Security - "In theory and practice"Web Application Security - "In theory and practice"
Web Application Security - "In theory and practice"Jeremiah Grossman
 
Web API Security
Web API SecurityWeb API Security
Web API SecurityStefaan
 
A Network Centric Design For Relationship Based Rights Management (Tin180 Com)
A Network Centric Design For Relationship Based Rights Management (Tin180 Com)A Network Centric Design For Relationship Based Rights Management (Tin180 Com)
A Network Centric Design For Relationship Based Rights Management (Tin180 Com)Tin180 VietNam
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application SecurityAbdul Wahid
 
Web Attacks - Top threats - 2010
Web Attacks - Top threats - 2010Web Attacks - Top threats - 2010
Web Attacks - Top threats - 2010Shreeraj Shah
 
Website hacking and prevention (All Tools,Topics & Technique )
Website hacking and prevention (All Tools,Topics & Technique )Website hacking and prevention (All Tools,Topics & Technique )
Website hacking and prevention (All Tools,Topics & Technique )Jay Nagar
 
Identity 2.0 and User-Centric Identity
Identity 2.0 and User-Centric IdentityIdentity 2.0 and User-Centric Identity
Identity 2.0 and User-Centric IdentityOliver Pfaff
 
Examining And Bypassing The IE8 XSS Filter
Examining And Bypassing The IE8 XSS FilterExamining And Bypassing The IE8 XSS Filter
Examining And Bypassing The IE8 XSS Filterkuza55
 
Gain visibility and real-time security alerts with VPC Flow Logs & AWS - DEM0...
Gain visibility and real-time security alerts with VPC Flow Logs & AWS - DEM0...Gain visibility and real-time security alerts with VPC Flow Logs & AWS - DEM0...
Gain visibility and real-time security alerts with VPC Flow Logs & AWS - DEM0...Amazon Web Services
 
Application Security
Application SecurityApplication Security
Application Securitynirola
 
Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...
Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...
Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...Amazon Web Services
 
Api Design and More (Friday Training at Itnig)
Api Design and More (Friday Training at Itnig)Api Design and More (Friday Training at Itnig)
Api Design and More (Friday Training at Itnig)itnig
 
DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...
DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...
DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...Felipe Prado
 
Top Ten Tips For Tenacious Defense In Asp.Net
Top Ten Tips For Tenacious Defense In Asp.NetTop Ten Tips For Tenacious Defense In Asp.Net
Top Ten Tips For Tenacious Defense In Asp.Netalsmola
 
2 . web app s canners
2 . web app s canners2 . web app s canners
2 . web app s cannersRashid Khatmey
 
Jordi Romero Api for-the-mobile-era
Jordi Romero Api for-the-mobile-eraJordi Romero Api for-the-mobile-era
Jordi Romero Api for-the-mobile-era.toster
 
Web-services
Web-services Web-services
Web-services webhostingguy
 
CIS 2015 Mobile SSO
CIS 2015 Mobile SSOCIS 2015 Mobile SSO
CIS 2015 Mobile SSOAshish Jain
 
Mobile SSO using NAPPS
Mobile SSO using NAPPSMobile SSO using NAPPS
Mobile SSO using NAPPSAshish Jain
 

More Related Content

Similar to Open ID Security Issues

Web Application Security and Release of "WhiteHat Arsenal"
Web Application Security and Release of "WhiteHat Arsenal"Web Application Security and Release of "WhiteHat Arsenal"
Web Application Security and Release of "WhiteHat Arsenal"Jeremiah Grossman
 
StartPad Countdown 2 - Startup Security: Hacking and Compliance in a Web 2.0 ...
StartPad Countdown 2 - Startup Security: Hacking and Compliance in a Web 2.0 ...StartPad Countdown 2 - Startup Security: Hacking and Compliance in a Web 2.0 ...
StartPad Countdown 2 - Startup Security: Hacking and Compliance in a Web 2.0 ...Start Pad
 
Defcon9 Presentation2001
Defcon9 Presentation2001Defcon9 Presentation2001
Defcon9 Presentation2001Miguel Ibarra
 
Web Application Security - "In theory and practice"
Web Application Security - "In theory and practice"Web Application Security - "In theory and practice"
Web Application Security - "In theory and practice"Jeremiah Grossman
 
Web API Security
Web API SecurityWeb API Security
Web API SecurityStefaan
 
A Network Centric Design For Relationship Based Rights Management (Tin180 Com)
A Network Centric Design For Relationship Based Rights Management (Tin180 Com)A Network Centric Design For Relationship Based Rights Management (Tin180 Com)
A Network Centric Design For Relationship Based Rights Management (Tin180 Com)Tin180 VietNam
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application SecurityAbdul Wahid
 
Web Attacks - Top threats - 2010
Web Attacks - Top threats - 2010Web Attacks - Top threats - 2010
Web Attacks - Top threats - 2010Shreeraj Shah
 
Website hacking and prevention (All Tools,Topics & Technique )
Website hacking and prevention (All Tools,Topics & Technique )Website hacking and prevention (All Tools,Topics & Technique )
Website hacking and prevention (All Tools,Topics & Technique )Jay Nagar
 
Identity 2.0 and User-Centric Identity
Identity 2.0 and User-Centric IdentityIdentity 2.0 and User-Centric Identity
Identity 2.0 and User-Centric IdentityOliver Pfaff
 
Examining And Bypassing The IE8 XSS Filter
Examining And Bypassing The IE8 XSS FilterExamining And Bypassing The IE8 XSS Filter
Examining And Bypassing The IE8 XSS Filterkuza55
 
Gain visibility and real-time security alerts with VPC Flow Logs & AWS - DEM0...
Gain visibility and real-time security alerts with VPC Flow Logs & AWS - DEM0...Gain visibility and real-time security alerts with VPC Flow Logs & AWS - DEM0...
Gain visibility and real-time security alerts with VPC Flow Logs & AWS - DEM0...Amazon Web Services
 
Application Security
Application SecurityApplication Security
Application Securitynirola
 
Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...
Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...
Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...Amazon Web Services
 
Api Design and More (Friday Training at Itnig)
Api Design and More (Friday Training at Itnig)Api Design and More (Friday Training at Itnig)
Api Design and More (Friday Training at Itnig)itnig
 
DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...
DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...
DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...Felipe Prado
 
Top Ten Tips For Tenacious Defense In Asp.Net
Top Ten Tips For Tenacious Defense In Asp.NetTop Ten Tips For Tenacious Defense In Asp.Net
Top Ten Tips For Tenacious Defense In Asp.Netalsmola
 
Jordi Romero Api for-the-mobile-era
Jordi Romero Api for-the-mobile-eraJordi Romero Api for-the-mobile-era
Jordi Romero Api for-the-mobile-era.toster
 

Similar to Open ID Security Issues (20)

Web Application Security and Release of "WhiteHat Arsenal"
Web Application Security and Release of "WhiteHat Arsenal"Web Application Security and Release of "WhiteHat Arsenal"
Web Application Security and Release of "WhiteHat Arsenal"
 
StartPad Countdown 2 - Startup Security: Hacking and Compliance in a Web 2.0 ...
StartPad Countdown 2 - Startup Security: Hacking and Compliance in a Web 2.0 ...StartPad Countdown 2 - Startup Security: Hacking and Compliance in a Web 2.0 ...
StartPad Countdown 2 - Startup Security: Hacking and Compliance in a Web 2.0 ...
 
Defcon9 Presentation2001
Defcon9 Presentation2001Defcon9 Presentation2001
Defcon9 Presentation2001
 
Web Application Security - "In theory and practice"
Web Application Security - "In theory and practice"Web Application Security - "In theory and practice"
Web Application Security - "In theory and practice"
 
Web API Security
Web API SecurityWeb API Security
Web API Security
 
A Network Centric Design For Relationship Based Rights Management (Tin180 Com)
A Network Centric Design For Relationship Based Rights Management (Tin180 Com)A Network Centric Design For Relationship Based Rights Management (Tin180 Com)
A Network Centric Design For Relationship Based Rights Management (Tin180 Com)
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Security
 
Web Attacks - Top threats - 2010
Web Attacks - Top threats - 2010Web Attacks - Top threats - 2010
Web Attacks - Top threats - 2010
 
Website hacking and prevention (All Tools,Topics & Technique )
Website hacking and prevention (All Tools,Topics & Technique )Website hacking and prevention (All Tools,Topics & Technique )
Website hacking and prevention (All Tools,Topics & Technique )
 
Identity 2.0 and User-Centric Identity
Identity 2.0 and User-Centric IdentityIdentity 2.0 and User-Centric Identity
Identity 2.0 and User-Centric Identity
 
Examining And Bypassing The IE8 XSS Filter
Examining And Bypassing The IE8 XSS FilterExamining And Bypassing The IE8 XSS Filter
Examining And Bypassing The IE8 XSS Filter
 
Gain visibility and real-time security alerts with VPC Flow Logs & AWS - DEM0...
Gain visibility and real-time security alerts with VPC Flow Logs & AWS - DEM0...Gain visibility and real-time security alerts with VPC Flow Logs & AWS - DEM0...
Gain visibility and real-time security alerts with VPC Flow Logs & AWS - DEM0...
 
Application Security
Application SecurityApplication Security
Application Security
 
Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...
Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...
Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...
 
Api Design and More (Friday Training at Itnig)
Api Design and More (Friday Training at Itnig)Api Design and More (Friday Training at Itnig)
Api Design and More (Friday Training at Itnig)
 
DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...
DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...
DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...
 
Top Ten Tips For Tenacious Defense In Asp.Net
Top Ten Tips For Tenacious Defense In Asp.NetTop Ten Tips For Tenacious Defense In Asp.Net
Top Ten Tips For Tenacious Defense In Asp.Net
 
2 . web app s canners
2 . web app s canners2 . web app s canners
2 . web app s canners
 
Jordi Romero Api for-the-mobile-era
Jordi Romero Api for-the-mobile-eraJordi Romero Api for-the-mobile-era
Jordi Romero Api for-the-mobile-era
 
Web-services
Web-services Web-services
Web-services
 

More from Ashish Jain

CIS 2015 Mobile SSO
CIS 2015 Mobile SSOCIS 2015 Mobile SSO
CIS 2015 Mobile SSOAshish Jain
 
Mobile SSO using NAPPS
Mobile SSO using NAPPSMobile SSO using NAPPS
Mobile SSO using NAPPSAshish Jain
 
MDM/MAM/MIM Workshop - CIS 2013
MDM/MAM/MIM Workshop - CIS 2013MDM/MAM/MIM Workshop - CIS 2013
MDM/MAM/MIM Workshop - CIS 2013Ashish Jain
 
Mobile Devices in the Enterprise: What IT needs to know
Mobile Devices in the Enterprise: What IT needs to knowMobile Devices in the Enterprise: What IT needs to know
Mobile Devices in the Enterprise: What IT needs to knowAshish Jain
 
PayPal OpenID User Experience
PayPal OpenID User ExperiencePayPal OpenID User Experience
PayPal OpenID User ExperienceAshish Jain
 
UsingMiles - OpenID Retail Summit at PayPal
UsingMiles - OpenID Retail Summit at PayPalUsingMiles - OpenID Retail Summit at PayPal
UsingMiles - OpenID Retail Summit at PayPalAshish Jain
 
Kodak - OpenID Retail Summit at PayPal
Kodak - OpenID Retail Summit at PayPalKodak - OpenID Retail Summit at PayPal
Kodak - OpenID Retail Summit at PayPalAshish Jain
 
Angies List - OpenID Retail Summit at PayPal
Angies List - OpenID Retail Summit at PayPal Angies List - OpenID Retail Summit at PayPal
Angies List - OpenID Retail Summit at PayPal Ashish Jain
 
eBay - OpenID Retail Summit at PayPal
eBay - OpenID Retail Summit at PayPaleBay - OpenID Retail Summit at PayPal
eBay - OpenID Retail Summit at PayPalAshish Jain
 
Spec Update - OpenID Retail Summit at PayPal
Spec Update - OpenID Retail Summit at PayPalSpec Update - OpenID Retail Summit at PayPal
Spec Update - OpenID Retail Summit at PayPalAshish Jain
 
OpenID Retail Summit at PayPal - PayPal Identity
OpenID Retail Summit at PayPal - PayPal IdentityOpenID Retail Summit at PayPal - PayPal Identity
OpenID Retail Summit at PayPal - PayPal IdentityAshish Jain
 
PayPal Identity Services - Innovate 2010
PayPal Identity Services - Innovate 2010PayPal Identity Services - Innovate 2010
PayPal Identity Services - Innovate 2010Ashish Jain
 
Say no to Bottled water
Say no to Bottled waterSay no to Bottled water
Say no to Bottled waterAshish Jain
 
Consumer Privacy
Consumer PrivacyConsumer Privacy
Consumer PrivacyAshish Jain
 
Identity Enabling Web Services
Identity Enabling Web ServicesIdentity Enabling Web Services
Identity Enabling Web ServicesAshish Jain
 

More from Ashish Jain (17)

CIS 2015 Mobile SSO
CIS 2015 Mobile SSOCIS 2015 Mobile SSO
CIS 2015 Mobile SSO
 
Mobile SSO using NAPPS
Mobile SSO using NAPPSMobile SSO using NAPPS
Mobile SSO using NAPPS
 
MDM/MAM/MIM Workshop - CIS 2013
MDM/MAM/MIM Workshop - CIS 2013MDM/MAM/MIM Workshop - CIS 2013
MDM/MAM/MIM Workshop - CIS 2013
 
Mobile Devices in the Enterprise: What IT needs to know
Mobile Devices in the Enterprise: What IT needs to knowMobile Devices in the Enterprise: What IT needs to know
Mobile Devices in the Enterprise: What IT needs to know
 
PayPal OpenID User Experience
PayPal OpenID User ExperiencePayPal OpenID User Experience
PayPal OpenID User Experience
 
UsingMiles - OpenID Retail Summit at PayPal
UsingMiles - OpenID Retail Summit at PayPalUsingMiles - OpenID Retail Summit at PayPal
UsingMiles - OpenID Retail Summit at PayPal
 
Kodak - OpenID Retail Summit at PayPal
Kodak - OpenID Retail Summit at PayPalKodak - OpenID Retail Summit at PayPal
Kodak - OpenID Retail Summit at PayPal
 
Angies List - OpenID Retail Summit at PayPal
Angies List - OpenID Retail Summit at PayPal Angies List - OpenID Retail Summit at PayPal
Angies List - OpenID Retail Summit at PayPal
 
eBay - OpenID Retail Summit at PayPal
eBay - OpenID Retail Summit at PayPaleBay - OpenID Retail Summit at PayPal
eBay - OpenID Retail Summit at PayPal
 
Spec Update - OpenID Retail Summit at PayPal
Spec Update - OpenID Retail Summit at PayPalSpec Update - OpenID Retail Summit at PayPal
Spec Update - OpenID Retail Summit at PayPal
 
OpenID Retail Summit at PayPal - PayPal Identity
OpenID Retail Summit at PayPal - PayPal IdentityOpenID Retail Summit at PayPal - PayPal Identity
OpenID Retail Summit at PayPal - PayPal Identity
 
PayPal Identity Services - Innovate 2010
PayPal Identity Services - Innovate 2010PayPal Identity Services - Innovate 2010
PayPal Identity Services - Innovate 2010
 
Open Id Summit
Open Id SummitOpen Id Summit
Open Id Summit
 
Say no to Bottled water
Say no to Bottled waterSay no to Bottled water
Say no to Bottled water
 
Consumer Privacy
Consumer PrivacyConsumer Privacy
Consumer Privacy
 
Identity Enabling Web Services
Identity Enabling Web ServicesIdentity Enabling Web Services
Identity Enabling Web Services
 
Concordia
ConcordiaConcordia
Concordia
 

Recently uploaded

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKJago de Vreede
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfOverkill Security
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 

Recently uploaded (20)

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 

Open ID Security Issues

  • 1. OpenID Security Issues Ashish Jain & Andrew Nash & Jeff Hodges, PayPal Information Risk Management OpenID Summit 2-Nov-2009
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12. End