"Another weakness of ASP is the misimpression that is provides application-limited rather than full-scope account access." - Authentication at Scale, appearing in IEEE S&P Magazine vol. ![]() In fact, Eric Grosse and Mayank Upadhyay of Google even call this weakness out in their recent publication about Google's authentication infrastructure: This shouldn’t be particularly surprising. ![]() If you create an ASP for use in (for example) an XMPP chat client, that same ASP can also be used to read your email over IMAP, or grab your calendar events with CalDAV. This second point deserves some more attention. By contrast, ASPs are - in terms of enforcement - not actually application-specific at all!