Abstract
Organizations provide multiple web-based services to its users. To manage easy provisioning and deprovisioning of users, they offer single sign-on (SSO) service as an access control mechanism. To access any SSO service, users need to remember only one set of credentials. These credentials are managed by organization’s identity and access management system (IAM). The identity provider (IDP) is the federated identity management platform to authenticate users, for service providers (SPs), to access and use the services. Users may access the services provided by organization via web browsers. Modern web browsers provide a feature called tabbed browsing, where tabs are widgets within the browser window, so that the users can stay organized when browsing multiple Web sites. In this paper, we analyzed how SSO works in a tabbed browsing environment. Our analysis shows that, in some scenarios, a user may not sign out from some services that he or she was using. This situation may lead to information security attacks. Also, we propose a solution that can be implemented on the browser to ensure a safe sign-out process.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
For instance, federated identity management is a widely used SSO mechanism.
References
Hardt, D.: The OAuth 2.0 authorization framework, RFC 6749. Internet Engineering Task Force (2012). https://tools.ietf.org/html/rfc6749
Kemp, J., Cantor, S., Mishra, P., Philpott, R., Maler, E.: Assertions and protocols for the OASIS security assertion markup language (SAML) v2.0. OASIS (2015). http://saml.xml.org/saml-specifications
Ramamoorthi, L., Sarkar, D.: Single sign-on demystified: security considerations for developers and users. In: Rocha, Á., Adeli, H., Reis, L.P., Costanzo, S. (eds.) Trends and Advances in Information Systems and Technologies, pp. 185–196. Springer International Publishing, Cham (2018)
Dubroy, P., Balakrishnan, R.: A study of tabbed browsing among Mozilla Firefox users. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, CHI ’10, pp. 673–682. ACM, New York, NY, USA (2010)
Mozilla developer network - web storage API. https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API
W3c docs - web cryptography API (2017). https://www.w3.org/TR/WebCryptoAPI/
Sun, S.T., Pospisil, E., Muslukhov, I., Dindar, N., Hawkey, K., Beznosov, K.: What makes users refuse web single sign-on?: An empirical investigation of openid. In: Proceedings of the Seventh Symposium on Usable Privacy and Security, SOUPS ’11, pp. 4:1–4:20. ACM, New York, NY, USA (2011)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Ramamoorthi, L., Sarkar, D. (2020). Single Sign-on Implementation: Leveraging Browser Storage for Handling Tabbed Browsing Sign-outs. In: Rocha, Á., Pereira, R. (eds) Developments and Advances in Defense and Security. Smart Innovation, Systems and Technologies, vol 152. Springer, Singapore. https://doi.org/10.1007/978-981-13-9155-2_2
Download citation
DOI: https://doi.org/10.1007/978-981-13-9155-2_2
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-13-9154-5
Online ISBN: 978-981-13-9155-2
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)