Skip to content

Files

Latest commit

danielfettdanielfett
Various editorial fixes
May 13, 2024
3265daf · May 13, 2024

History

History
303 lines (277 loc) · 13.1 KB

B_references.md

File metadata and controls

303 lines (277 loc) · 13.1 KB
<title>OpenID Connect Core 1.0 incorporating errata set 2</title> NAT.Consulting Yubico Self-Issued Consulting Google Disney <title>OpenID Connect Discovery 1.0 incorporating errata set 2</title> NAT.Consulting Yubico Self-Issued Consulting Illumila <title>Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)</title> Yes Ping <title>OAuth 2.0 Multiple Response Type Encoding Practices</title> Google Google Facebook Microsoft <title>OWASP Cheat Sheet Series - Unvalidated Redirects and Forwards</title> <title>Referrer Policy</title> Google Inc. Google Inc. <title>OAuth 2.0 Form Post Response Mode</title> Microsoft Ping Identity <title>The Devil is in the (Implementation) Details: An Empirical Analysis of OAuth SSO Systems</title> University of British Columbia University of British Columbia <title>OAuth Demystified for Mobile Application Developers</title> Carnegie Mellon University Carnegie Mellon University Microsoft Research Carnegie Mellon University Carnegie Mellon University Carnegie Mellon University

<title>A Comprehensive Formal Security Analysis of OAuth 2.0</title>

<title>The Web SSO Standard OpenID Connect: In-Depth Formal Security Analysis and Security Guidelines</title>

<title>An Extensive Formal Security Analysis of the OpenID Financial-grade API</title>

<title>On the security of modern Single Sign-On Protocols: Second-Order Vulnerabilities in OpenID Connect</title>

<title>Discovering concrete attacks on website authorization by formal analysis</title> <title>Referer header includes URL fragment when opening link using New Tab</title> <title>Web Authentication: An API for accessing Public Key Credentials Level 2</title> Google Mozilla Microsoft Microsoft Yubico <title>Web Cryptography API</title> Netflix <title>All Your DNS Records Point to Us: Understanding the Security Threats of Dangling DNS Records</title> <title>Content Security Policy Level 2</title>

<title>DISTINCT: Identity Theft using In-Browser Communications in Dual-Window Single Sign-On</title>

<title>HTML Living Standard: Cross-document messaging</title> WHATWG <title>Fetch Standard: CORS protocol</title> WHATWG <title>Security Analysis of Real-Life OpenID Connect Implementations</title> <title>BCP195</title> IETF