Automated Risk Assessment and Trade-Off Analysis of OpenID Connect and OAuth 2.0 Deployments

This website contains supplementary material related to the paper "Automated Risk Assessment and Trade-Off Analysis of OpenID Connect and OAuth 2.0 Deployments".

Supplementary Materials:

• Supplementary Table S1. This table reports the relationship between IdP features and discovery endpoint JSON Keys. (cf. Section 4.1)

• Supplementary Table S2. This table reports the list of well-known IdPs and their specification. (cf. Section 4.1)

• Supplementary Table S3. This table reports FAPI and OAuth/OIDC Security BCPs. (cf. Section 3.2)

• Supplementary Table S4. This table reports the complete OAuth/OIDC Reference Model concerning all response types. (cf. Section 3.2)

• Supplementary Table S5. This table reports the definition of atomic features. (cf. Section 3.1)

• BCP-Compliant Authorization/Token Requests Schemas. This image represents BCP-Compliant Authorization/Token Requests. (cf. Section 3.2)

IdMP BCP Checker Algorithm:

• IdMP BCP Checker Algorithm. This algorithm represents the procedure perform within our tool to check the IdMP against BCPs. (cf. Section 4.2)

IdMP Specification Questionnaires:

• IdMP Specification Questionnaire. It represents a list of questions related to the atomic features reported in the reference model. (cf. Section 4.1)

Protection/Likelihood Level Calculation:

• Protection and Likelihood Level. It provides a definition besides the rationale behind the values assigned for each atomic feature. (cf. Section 3.1)

developed within Security & Trust Research Unit at Fondazione Bruno Kessler (Italy)