Bachelorthesis: [SSO] SSO-History: On the Historic Development of the Single Sign-On Landscape, Security, and Privacy

Status

Available

Description

In this thesis, you will study the evolution of the Single Sign-On (SSO) landscape, its security, and its privacy over time. To do so, you will manually investigate the SSO logins on the top-ranked 1k websites at different points in time (i.e., twice a year). The Web Archive [1] provides access to the websites at any point in time.

The thesis should answer the following research questions:

  • SSO Landscape: How did the SSO support on websites change over time?
    • How did the general support of SSO on websites evolve?
    • How did the IdP (i.e., Google, Facebook, Apple) distribution evolve?
  • SSO Security: How did the SSO security on websites change over time?
    • Which protocols and protocol versions were used (OAuth 1.0/2.0, OpenID, OpenID Connect, SAML, …)?
    • Which flows (e.g., code, implicit, hybrid; popup, iframe) were used?
    • Which security parameters (e.g., state, PKCE, …) were used?
  • SSO Privacy: How did the SSO privacy on websites change over time?
    • Which user data (e.g., scope) was requested by the websites?
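
The security and privacy questions above boil down to reading the parameters of the authorization request a website sends to its IdP. The following Python script is an added example, not part of this thesis description or of any project it references: it takes a captured authorization-request URL (as you would copy it from the browser's network log or from an archived page) and classifies the IdP, protocol, flow (code, implicit, hybrid, OAuth 1.0), the presence of state and PKCE, and the requested scope. The four sample URLs are constructed for the example; the IdP host names are the well-known endpoints, all client ids, redirect URIs, state and PKCE values are made up, and `idp.example` is a hypothetical OAuth 1.0 provider.

```python
"""Classify captured SSO authorization requests by IdP, protocol, flow,
security parameters (state, PKCE) and requested scope."""
from urllib.parse import urlparse, parse_qs

# Constructed sample authorization requests, one per IdP family.  Host names are
# the real IdP endpoints; client ids, redirect URIs, state and PKCE values are
# invented for this example.
SAMPLE_REQUESTS = {
    "google_code_pkce": (
        "https://accounts.google.com/o/oauth2/v2/auth?client_id=1234.apps.googleusercontent.com"
        "&redirect_uri=https%3A%2F%2Frp.example%2Fcb&response_type=code"
        "&scope=openid%20email%20profile&state=5f1a2b3c"
        "&code_challenge=E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM&code_challenge_method=S256"
    ),
    "facebook_implicit_no_state": (
        "https://www.facebook.com/v2.9/dialog/oauth?client_id=1111"
        "&redirect_uri=https%3A%2F%2Frp.example%2Fcb&response_type=token"
        "&scope=email,public_profile"
    ),
    "apple_hybrid": (
        "https://appleid.apple.com/auth/authorize?client_id=com.rp.example"
        "&redirect_uri=https%3A%2F%2Frp.example%2Fcb&response_type=code%20id_token"
        "&response_mode=form_post&scope=name%20email&state=9e8d7c"
    ),
    # Hypothetical OAuth 1.0a provider: the request carries a request token,
    # not an OAuth 2.0 response_type.
    "oauth1_legacy": "https://idp.example/oauth/authorize?oauth_token=7f3a1b",
}

IDP_BY_HOST = {
    "accounts.google.com": "Google",
    "www.facebook.com": "Facebook",
    "appleid.apple.com": "Apple",
}


def _split_scope(raw):
    # RFC 6749 section 3.3 defines scope as space-separated; Facebook uses commas.
    return [s for s in raw.replace(",", " ").split() if s]


def classify(url):
    """Return a dict describing one authorization request."""
    parsed = urlparse(url)
    q = {k: v[0] for k, v in parse_qs(parsed.query).items()}
    scope = _split_scope(q.get("scope", ""))
    response_type = set(q.get("response_type", "").split())

    if "oauth_token" in q and not response_type:
        protocol, flow = "OAuth 1.0", "oauth1"
    else:
        # An id_token in the response or the openid scope marks OpenID Connect.
        protocol = "OpenID Connect" if ("id_token" in response_type or "openid" in scope) else "OAuth 2.0"
        if response_type == {"code"}:
            flow = "code"
        elif "code" in response_type:
            flow = "hybrid"  # code combined with id_token and/or token
        elif response_type & {"token", "id_token"}:
            flow = "implicit"  # tokens returned directly in the fragment
        else:
            flow = "unknown"

    pkce = "code_challenge" in q
    return {
        "idp": IDP_BY_HOST.get(parsed.hostname, "other"),
        "protocol": protocol,
        "flow": flow,
        "state": bool(q.get("state")),  # CSRF protection present?
        "pkce": pkce,
        # RFC 7636: a missing code_challenge_method means the weaker "plain" transform.
        "pkce_method": q.get("code_challenge_method", "plain") if pkce else None,
        "scope": scope,
    }


def classify_all(requests=SAMPLE_REQUESTS):
    """Classify every captured request; the result feeds the per-year statistics."""
    return {name: classify(url) for name, url in requests.items()}


if __name__ == "__main__":
    for name, result in classify_all().items():
        print(name, result)
```

Running the script over the constructed samples shows how the categories differ per IdP: the Google request is a code flow with state and S256 PKCE, the Facebook request is an implicit flow without state, and the Apple request is a hybrid flow (`code id_token`) without PKCE. When applying this to archived logins, note that the Web Archive stores the page as served, so the authorization URL is often only assembled client-side by the IdP's JavaScript SDK and must be reconstructed from the SDK configuration rather than read from a link.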

As a result, the thesis should give detailed insights and provide several visualizations of the real-world Single Sign-On distribution over the last decade. You should also clearly describe the problems you faced during your manual analysis and enumerate potential hurdles to automating it.

Challenge

  • In which year did Dropbox [4] first support “Sign in with Google”?
  • Compare IMDb's [5] "Sign in with Google" SSO login on 31 March 2016 to its current SSO login. What do you notice?
  • Compare Pinterest's [6] "Sign in with Facebook" SSO login on 1 June 2017 to its current SSO login. What do you notice?

Requirements

  • You know the basics of OAuth 2.0 [2] and OpenID Connect 1.0 [3]
  • Basic web security knowledge is a plus

Contact

Sources

  1. https://web.archive.org/
  2. https://www.rfc-editor.org/rfc/rfc6749
  3. https://openid.net/specs/openid-connect-core-1_0.html
  4. https://www.dropbox.com/
  5. https://imdb.com/
  6. https://www.pinterest.de/