QALD-3: Multilingual question answering over linked data
Elena Cabrio, Philipp Cimiano, et al.
CLEF 2013
Browser-based Single Sign-On (SSO) protocols relieve the user from the burden of dealing with multiple credentials thereby improving the user experience and the security. In this paper we show that extreme care is required for specifying and implementing the prototypical browser-based SSO use case. We show that the main emerging SSO protocols, namely SAML SSO and OpenID, suffer from an authentication flaw that allows a malicious service provider to hijack a client authentication attempt or force the latter to access a resource without its consent or intention. This may have serious consequences, as evidenced by a Cross-Site Scripting attack that we have identified in the SAML-based SSO for Google Apps and in the SSO available in Novell Access Manager v.3.1. For instance, the attack allowed a malicious web server to impersonate a user on any Google application. We also describe solutions that can be used to mitigate and even solve the problem.
Elena Cabrio, Philipp Cimiano, et al.
CLEF 2013
Lerong Cheng, Jinjun Xiong, et al.
ASP-DAC 2008
G. Ramalingam
Theoretical Computer Science
N.K. Ratha, A.K. Jain, et al.
Workshop CAMP 2000