Single Sign-on Implementation: Leveraging Browser Storage for Handling Tabbed Browsing Sign-outs

Lokesh Ramamoorthi, Dilip Sarkar

Research output: Chapter in Book/Report/Conference proceeding - Conference contribution

Abstract

Organizations provide multiple web-based services to their users. To manage easy provisioning and deprovisioning of users, they offer a single sign-on (SSO) service as an access control mechanism. To access any SSO service, users need to remember only one set of credentials. These credentials are managed by the organization's identity and access management (IAM) system. The identity provider (IDP) is the federated identity management platform that authenticates users on behalf of service providers (SPs) so that they can access and use the services. Users may access the services provided by the organization via web browsers. Modern web browsers provide a feature called tabbed browsing, where tabs are widgets within the browser window, so that users can stay organized when browsing multiple Web sites. In this paper, we analyzed how SSO works in a tabbed browsing environment. Our analysis shows that, in some scenarios, a user may not sign out from some services that he or she was using. This situation may lead to information security attacks. Also, we propose a solution that can be implemented on the browser to ensure a safe sign-out process.

Original language: English (US)
Title of host publication: Developments and Advances in Defense and Security - Proceedings of MICRADS 2019
Editors: Robson Pacheco Pereira, Álvaro Rocha
Publisher: Springer Science and Business Media Deutschland GmbH
Pages: 15-28
Number of pages: 14
ISBN (Print): 9789811391545
State: Published - Jan 1 2020
Event: Multidisciplinary International Conference of Research Applied to Defense and Security, MICRADS 2019 - Rio de Janeiro, Brazil
Duration: May 8 2019 to May 10 2019

Publication series

Name: Smart Innovation, Systems and Technologies
Volume: 152
ISSN (Print): 2190-3018
ISSN (Electronic): 2190-3026

Conference

Conference: Multidisciplinary International Conference of Research Applied to Defense and Security, MICRADS 2019
Country: Brazil
City: Rio de Janeiro
Period: 5/8/19 to 5/10/19

Keywords

  • Access control
  • Authentication
  • Authorization
  • Browser security
  • Federated identity management
  • Identity provider
  • Information security
  • Service provider

ASJC Scopus subject areas

  • Decision Sciences (all)
  • Computer Science (all)

Cite this

Ramamoorthi, L., & Sarkar, D. (2020). Single Sign-on Implementation: Leveraging Browser Storage for Handling Tabbed Browsing Sign-outs. In R. P. Pereira, & Á. Rocha (Eds.), Developments and Advances in Defense and Security - Proceedings of MICRADS 2019 (pp. 15-28). (Smart Innovation, Systems and Technologies; Vol. 152). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-981-13-9155-2_2