Status
Available
Description
In this thesis, you will study how the Single Sign-On (SSO) landscape, its security, and its privacy properties have evolved over time. To this end, you will manually investigate the SSO logins on the top-ranked 1k websites at different points in time (i.e., twice a year). The Web Archive [1] provides access to the websites as they looked at any given point in time.
The thesis should answer the following research questions:
- SSO Landscape: How did the SSO support on websites change over time?
  - How did the general support of SSO on websites evolve?
  - How did the IdP (i.e., Google, Facebook, Apple) distribution evolve?
- SSO Security: How did the SSO security on websites change over time?
  - Which protocols and protocol versions were used (OAuth 1.0/2.0, OpenID, OpenID Connect, SAML, …)?
  - Which flows (code, implicit, hybrid; popup, iframe) were used?
  - Which security parameters (state, PKCE, …) were used?
- SSO Privacy: How did the SSO privacy on websites change over time?
  - Which user data (scope) was requested by the websites?
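To make concrete what the manual investigation would record for each login, here is an added example (not part of the thesis proposal) that classifies a captured authorization request URL by protocol, flow, security parameters and requested scope, and aggregates the results per capture year. The IdP host table, the example websites, client ids and challenge value are assumptions; the captures are constructed.

```python
"""Classify archived Single Sign-On authorization requests and aggregate
them per year. Added example, not from the thesis proposal. The sample
captures below are constructed; the IdP host table, client ids and the
code_challenge value are assumptions for illustration."""
from collections import Counter, defaultdict
from urllib.parse import parse_qs, urlsplit

# Assumed mapping from authorization-endpoint host to IdP name.
IDP_BY_HOST = {
    "accounts.google.com": "Google",
    "www.facebook.com": "Facebook",
    "appleid.apple.com": "Apple",
}


def classify_authz_request(url):
    """Return protocol, flow, security parameters and requested scopes
    for one authorization request URL captured from a login page."""
    parts = urlsplit(url)
    # parse_qs percent-decodes already; keep the first value per key.
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    # Facebook separates scopes with commas, most other IdPs with spaces.
    scopes = q.get("scope", "").replace(",", " ").split()
    response_types = set(q.get("response_type", "").split())

    if "oauth_token" in q and "client_id" not in q:
        protocol = "OAuth 1.0"          # RFC 5849 user-authorization step
    elif "openid" in scopes:
        protocol = "OpenID Connect"
    else:
        protocol = "OAuth 2.0"

    if not response_types:
        flow = "unspecified"            # response_type missing; IdP default applies
    elif response_types == {"code"}:
        flow = "code"
    elif "code" in response_types:
        flow = "hybrid"                 # code combined with token and/or id_token
    else:
        flow = "implicit"               # token / id_token returned in the fragment

    pkce = q.get("code_challenge_method", "plain") if "code_challenge" in q else None

    return {
        "idp": IDP_BY_HOST.get(parts.hostname, "other"),
        "protocol": protocol,
        "flow": flow,
        "state": "state" in q,
        "nonce": "nonce" in q,
        "pkce": pkce,
        # display=popup is all the URL reveals; iframe embedding is only
        # visible in the page markup, not in the request itself.
        "popup": q.get("display") == "popup",
        "scopes": scopes,
    }


def summarize(captures):
    """Aggregate (capture_date, website, authz_url) triples per year."""
    per_year = defaultdict(lambda: {"idp": Counter(), "flow": Counter(),
                                    "state": Counter(), "pkce": Counter(),
                                    "scope": Counter()})
    for date, _site, url in captures:
        year = int(date[:4])
        r = classify_authz_request(url)
        y = per_year[year]
        y["idp"][r["idp"]] += 1
        y["flow"][r["flow"]] += 1
        y["state"]["present" if r["state"] else "missing"] += 1
        y["pkce"][r["pkce"] or "none"] += 1
        y["scope"].update(r["scopes"])
    return dict(per_year)


# Constructed sample captures (date, website, authorization URL); the
# websites, client ids and challenge value are placeholders.
SAMPLE_CAPTURES = [
    ("2015-09-01", "pins.example",
     "https://api.idp1.example/oauth/authenticate?oauth_token=REQUEST_TOKEN"),
    ("2016-03-31", "movies.example",
     "https://accounts.google.com/o/oauth2/auth?client_id=CLIENT_ID"
     "&response_type=token&scope=openid%20email"
     "&redirect_uri=https%3A%2F%2Fmovies.example%2Fcb&state=abc"),
    ("2017-06-01", "pins.example",
     "https://www.facebook.com/v2.9/dialog/oauth?client_id=123"
     "&redirect_uri=https%3A%2F%2Fpins.example%2Fcb"
     "&scope=email,public_profile&display=popup"),
    ("2023-10-01", "movies.example",
     "https://accounts.google.com/o/oauth2/v2/auth?client_id=CLIENT_ID"
     "&response_type=code&scope=openid%20email%20profile"
     "&redirect_uri=https%3A%2F%2Fmovies.example%2Fcb&state=xyz&nonce=n1"
     "&code_challenge=CHALLENGE&code_challenge_method=S256"),
]

if __name__ == "__main__":
    for year, stats in sorted(summarize(SAMPLE_CAPTURES).items()):
        print(year, {k: dict(v) for k, v in stats.items()})
```

The per-year counters are the raw material for the visualizations the thesis asks for (IdP share, flow share, share of logins with a state parameter or PKCE, scope frequency). Note that the URL alone cannot distinguish an iframe login from a redirect, and a missing response_type means the IdP's default applies; both are exactly the kind of manual-analysis hurdle worth documenting.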
As a result, the thesis should give detailed insights into, and provide several visualizations of, the real-world Single Sign-On distribution over the last decade. You should also clearly describe the problems you faced during your manual analysis and enumerate potential hurdles for automating it.
Challenge
- In which year did Dropbox [4] first support “Sign in with Google”?
- Compare IMDb’s [5] “Sign in with Google” SSO login on 31 March 2016 to its current SSO login. What do you notice?
- Compare Pinterest’s [6] “Sign in with Facebook” SSO login on 1 June 2017 to its current SSO login. What do you notice?
Requirements
- You know the basics of OAuth 2.0 [2] and OpenID Connect 1.0 [3]
- Basic web security knowledge is a plus