{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,16]],"date-time":"2026-06-16T11:03:02Z","timestamp":1781607782872,"version":"3.54.5"},"publisher-location":"Cham","reference-count":59,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031375859","type":"print"},{"value":"9783031375866","type":"electronic"}],"license":[{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023]]},"DOI":"10.1007\/978-3-031-37586-6_13","type":"book-chapter","created":{"date-parts":[[2023,7,11]],"date-time":"2023-07-11T23:02:16Z","timestamp":1689116536000},"page":"203-222","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Assurance, Consent and\u00a0Access Control for\u00a0Privacy-Aware OIDC Deployments"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0009-0006-2239-1913","authenticated-orcid":false,"given":"Gianluca","family":"Sassetti","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6290-3588","authenticated-orcid":false,"given":"Amir","family":"Sharif","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7567-4526","authenticated-orcid":false,"given":"Giada","family":"Sciarretta","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2853-4269","authenticated-orcid":false,"given":"Roberto","family":"Carbone","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7269-9285","authenticated-orcid":false,"given":"Silvio","family":"Ranise","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2023,7,12]]},"reference":[{"key":"13_CR1","unstructured":"AUSTRIA ID OIDC documentation. https:\/\/eid.egiz.gv.at\/wp-content\/uploads\/2021\/10\/ID-Austria-Technisches-Whitepaper-fuer-Service-Owner-1.pdf. Accessed 28 Nov 2022"},{"key":"13_CR2","unstructured":"Auth0 API documentation. https:\/\/auth0.com\/docs\/api\/authentication. Accessed 28 Nov 2022"},{"key":"13_CR3","unstructured":"Authlete API documentation. https:\/\/docs.authlete.com\/en\/shared\/2.2.19. Accessed 28 Nov 2022"},{"key":"13_CR4","unstructured":"AWS Cognito OIDC documentation. https:\/\/docs.aws.amazon.com\/cognito\/latest\/developerguide\/cognito-userpools-server-contract-reference.html. Accessed 28 Nov 2022"},{"key":"13_CR5","unstructured":"Cloudentity API documentation. https:\/\/cloudentity.com\/developers\/api\/authorization_apis\/oauth2\/. Accessed 28 Nov 2022"},{"key":"13_CR6","unstructured":"Cnil dossier th\u00e9matique d\u00e9di\u00e9 \u00e0 l\u2019identit\u00e9 num\u00e9rique. https:\/\/www.cnil.fr\/sites\/default\/files\/atoms\/files\/cnil_dossier-thematique_identite-numerique.pdf. Accessed 4 Mar 2023"},{"key":"13_CR7","unstructured":"Connect2Id API documentation. https:\/\/connect2id.com\/products\/server\/docs\/api. Accessed 28 Nov 2022"},{"key":"13_CR8","unstructured":"Facebook OIDC documentation. https:\/\/developers.facebook.com\/docs\/facebook-login\/guides\/advanced\/manual-flow\/. Accessed 28 Nov 2022"},{"key":"13_CR9","unstructured":"ForgeRock API documentation. https:\/\/backstage.forgerock.com\/docs\/am\/7.1 . Accessed 28 Nov 2022"},{"key":"13_CR10","unstructured":"FranceConnect identity provider documentation. https:\/\/partenaires.franceconnect.gouv.fr\/fcp\/fournisseur-identite. Accessed 28 Nov 2022"},{"key":"13_CR11","unstructured":"FranceConnect+ OIDC documentation. https:\/\/github.com\/france-connect\/Documentation-FranceConnect-Plus\/blob\/main\/fs\/docs-fs.md. Accessed 28 Nov 2022"},{"key":"13_CR12","unstructured":"General data protection regulation. https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/HTML\/?uri=CELEX:32016R0679 &from=EN. Accessed 25 Nov 2022"},{"key":"13_CR13","unstructured":"Google Identity API documentation. https:\/\/developers.google.com\/identity\/openid-connect\/openid-connect. Accessed 25 Nov 2022"},{"key":"13_CR14","unstructured":"IBM Oidc documentation. https:\/\/www.ibm.com\/docs\/en\/sva\/9.0.7?topic=methods-openid-connect-oidc-authentication. Accessed 25 Nov 2022"},{"key":"13_CR15","unstructured":"ID-Porten OIDC documentation. https:\/\/docs.digdir.no\/docs\/idporten\/oidc\/oidc_guide_english. Accessed 25 Nov 2022"},{"key":"13_CR16","unstructured":"itsme API documentation. https:\/\/belgianmobileid.github.io\/slate\/login.html. Accessed 25 Nov 2022"},{"key":"13_CR17","unstructured":"Microsoft OIDC documentation. https:\/\/connect2id.com\/products\/server\/docs\/api. Accessed 25 Nov 2022"},{"key":"13_CR18","unstructured":"MitID and NemID service provider documentation. https:\/\/broker.signaturgruppen.dk\/application\/files\/7415\/8763\/0084\/Nets_MitID_Broker_Technical_reference_v._0.9.5.pdf. Accessed 25 Nov 2022"},{"key":"13_CR19","unstructured":"MojeID OIDC documentation. https:\/\/www.mojeid.cz\/documentation\/html\/ImplementacePodporyMojeid\/OpenidConnect\/index.html. Accessed 25 Nov 2022"},{"key":"13_CR20","unstructured":"NemID identity provider documentation. https:\/\/broker.signaturgruppen.dk\/application\/files\/6616\/5166\/7106\/Nets_eID_Broker_Identity_Providers_v.1.2.6.pdf. Accessed 25 Nov 2022"},{"key":"13_CR21","unstructured":"NHS Login OIDC OIDC documentation. https:\/\/developer.nhs.uk\/library\/systems\/eis\/. Accessed 25 Nov 2022"},{"key":"13_CR22","unstructured":"NL Gov Assurance Profile OIDC documentation. https:\/\/logius.gitlab.io\/oidc\/#authorization-endpoint. Accessed 25 Nov 2022"},{"key":"13_CR23","unstructured":"OKTA Api documentation. https:\/\/developer.okta.com\/docs\/reference\/api\/oidc\/. Accessed 28 Nov 2022"},{"key":"13_CR24","unstructured":"PING Federation SSO documentation. https:\/\/docs.pingidentity.com\/bundle\/pingone\/page\/gbj1632772285136.html. Accessed 28 Nov 2022"},{"key":"13_CR25","unstructured":"Pro Sant\u00e9 Connect OIDC documentation. https:\/\/industriels.esante.gouv.fr\/produits-services\/pro-sante-connect\/documentation-technique. Accessed 28 Nov 2022"},{"key":"13_CR26","unstructured":"Regulation on electronic identification and trust services for electronic transactions. https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/HTML\/?uri=CELEX:32014R0910 &from=EN. Accessed 25 Nov 2022"},{"key":"13_CR27","unstructured":"Security assertion markup language (saml) v2.0 technical overview. http:\/\/docs.oasis-open.org\/security\/saml\/Post2.0\/sstc-saml-tech-overview-2.0.html. Accessed 4 Mar 2023"},{"key":"13_CR28","unstructured":"Sign in with apple. https:\/\/developer.apple.com\/sign-in-with-apple\/. Accessed 23 Dec 2022"},{"key":"13_CR29","unstructured":"SMART-ID OIDC documentation. https:\/\/e-gov.github.io\/TARA-Doku\/TechnicalSpecification. Accessed 28 Nov 2022"},{"key":"13_CR30","unstructured":"SPID Oidc documentation. https:\/\/docs.italia.it\/AgID\/documenti-in-consultazione\/lg-openidconnect-spid-docs\/it\/bozza\/index.html. Accessed 28 Nov 2022"},{"key":"13_CR31","unstructured":"WSO2 Identity Server documentation. https:\/\/is.docs.wso2.com\/en\/latest\/guides\/before-you-start\/. Accessed 28 Nov 2022"},{"key":"13_CR32","unstructured":"Yahoo OIDC documentation. https:\/\/developer.yahoo.com\/oauth2\/guide\/openid_connect\/. Accessed 28 Nov 2022"},{"key":"13_CR33","doi-asserted-by":"crossref","unstructured":"Asghar, M.R., Backes, M., Simeonovski, M.: Prima: Privacy-preserving identity and access management at internet-scale. In: 2018 IEEE International Conference on Communications (ICC), pp. 1\u20136. IEEE (2018)","DOI":"10.1109\/ICC.2018.8422732"},{"key":"13_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"431","DOI":"10.1007\/978-3-319-28166-7_21","volume-title":"Applied Cryptography and Network Security","author":"M Simeonovski","year":"2015","unstructured":"Simeonovski, M., Bendun, F., Asghar, M.R., Backes, M., Marnau, N., Druschel, P.: Oblivion: mitigating privacy leaks by controlling the discoverability of online information. In: Malkin, T., Kolesnikov, V., Lewko, A.B., Polychronakis, M. (eds.) ACNS 2015. LNCS, vol. 9092, pp. 431\u2013453. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-28166-7_21"},{"key":"13_CR35","doi-asserted-by":"publisher","first-page":"71","DOI":"10.1007\/978-3-030-64455-0_5","volume-title":"Emerging Technologies for Authorization and Authentication","author":"A Bisegna","year":"2020","unstructured":"Bisegna, A., Carbone, R., Pellizzari, G., Ranise, S.: Micro-id-gym: a flexible tool for pentesting identity management protocols in the wild and in the laboratory. In: Saracino, A., Mori, P. (eds.) Emerging Technologies for Authorization and Authentication, pp. 71\u201389. Springer International Publishing, Cham (2020)"},{"key":"13_CR36","doi-asserted-by":"crossref","unstructured":"Boysen, A.: Decentralized, self-sovereign, consortium: the future of digital identity in Canada. Front. Blockchain 11 (2021)","DOI":"10.3389\/fbloc.2021.624258"},{"key":"13_CR37","unstructured":"Calzavara, S., Focardi, R., Maffei, M., Schneidewind, C., Squarcina, M., Tempesta, M.: WPSE: Fortifying web protocols via Browser-Side security monitoring. In: 27th USENIX Security Symposium (USENIX Security 18), Baltimore, MD, pp. 1493\u20131510. USENIX Association, August 2018. https:\/\/www.usenix.org\/conference\/usenixsecurity18\/presentation\/calzavara"},{"key":"13_CR38","unstructured":"Chari, S., Jutla, C., Roy, A.: Universally composable security analysis of oauth v2.0. Cryptology ePrint Archive, Paper 2011\/526 (2011). https:\/\/eprint.iacr.org\/2011\/526"},{"key":"13_CR39","doi-asserted-by":"crossref","unstructured":"Fett, D., K\u00fcsters, R., Schmitz, G.: Spresso: a secure, privacy-respecting single sign-on system for the web. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 1358\u20131369 (2015)","DOI":"10.1145\/2810103.2813726"},{"key":"13_CR40","doi-asserted-by":"publisher","unstructured":"Fett, D., K\u00fcsters, R., Schmitz, G.: A comprehensive formal security analysis of oauth 2.0. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. CCS 2016, pp. 1204\u20131215, New York, NY, USA. Association for Computing Machinery (2016). https:\/\/doi.org\/10.1145\/2976749.2978385, https:\/\/doi.org\/10.1145\/2976749.2978385","DOI":"10.1145\/2976749.2978385"},{"key":"13_CR41","doi-asserted-by":"crossref","unstructured":"Fett, D., K\u00fcsters, R., Schmitz, G.: The web sso standard openid connect: In-depth formal security analysis and security guidelines. In: 2017 IEEE 30th Computer Security Foundations Symposium (CSF), pp. 189\u2013202. IEEE (2017)","DOI":"10.1109\/CSF.2017.20"},{"key":"13_CR42","unstructured":"Foundation, O.: Certified openid providers, https:\/\/openid.net\/certification\/. Accessed 23 Nov 2022"},{"key":"13_CR43","unstructured":"Foundation, O.: List of openid specifications (2023). https:\/\/openid.net\/developers\/specs\/. Accessed 6 Mar 2023"},{"key":"13_CR44","doi-asserted-by":"publisher","unstructured":"Hammann, S., Sasse, R., Basin, D.: Privacy-preserving openid connect. In: Proceedings of the 15th ACM Asia Conference on Computer and Communications Security. ASIA CCS 2020, New York, NY, USA, pp. 277\u2013289. Association for Computing Machinery (2020). https:\/\/doi.org\/10.1145\/3320269.3384724, https:\/\/doi.org\/10.1145\/3320269.3384724","DOI":"10.1145\/3320269.3384724"},{"key":"13_CR45","doi-asserted-by":"crossref","unstructured":"Li, W., Mitchell, C.J.: User access privacy in oauth 2.0 and openid connect. In: 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS &PW), pp. 664\u20136732. IEEE (2020)","DOI":"10.1109\/EuroSPW51379.2020.00095"},{"key":"13_CR46","doi-asserted-by":"publisher","unstructured":"Li, W., Mitchell, C.J., Chen, T.: Oauthguard: protecting user security and privacy with oauth 2.0 and openid connect. In: Proceedings of the 5th ACM Workshop on Security Standardisation Research Workshop. SSR 2019, New York, NY, USA, pp. 35\u201344, Association for Computing Machinery (2019). https:\/\/doi.org\/10.1145\/3338500.3360331, https:\/\/doi.org\/10.1145\/3338500.3360331","DOI":"10.1145\/3338500.3360331"},{"key":"13_CR47","unstructured":"Lodderstedt, T., Fett, D., Haine, M., Pulido, A., Lehmann, K., Koiwai, K.: Openid connect for identity assurance 1.0. https:\/\/openid.net\/specs\/openid-connect-4-identity-assurance-1_0.html. Accessed 23 Nov 2022"},{"key":"13_CR48","unstructured":"Lodderstedt, T., Bradley, J., Labunets, A., Fett, D.: OAuth 2.0 Security Best Current Practice. Internet-Draft draft-ietf-oauth-security-topics-21, Internet Engineering Task Force, September 2022. https:\/\/datatracker.ietf.org\/doc\/draft-ietf-oauth-security-topics\/21\/. work in Progress"},{"key":"13_CR49","unstructured":"Varley, M., Grassi, P.: International government assurance profile (igov) for openid connect 1.0. https:\/\/openid.bitbucket.io\/iGov\/openid-igov-profile-id1.html"},{"key":"13_CR50","unstructured":"Morkonda, S.G., Chiasson, S., van Oorschot, P.C.: Ssoprivateeye: timely disclosure of single sign-on privacy design differences. arXiv preprint arXiv:2209.04490 (2022)"},{"key":"13_CR51","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.cose.2019.03.003","volume":"84","author":"J Navas","year":"2019","unstructured":"Navas, J., Beltr\u00e1n, M.: Understanding and mitigating openid connect threats. Comput. Secur. 84, 1\u201316 (2019)","journal-title":"Comput. Secur."},{"key":"13_CR52","unstructured":"Richer, J., Johansson, L.: Vectors of trust. RFC 8485, RFC Editor, October 2018. https:\/\/www.rfc-editor.org\/info\/rfc8485"},{"key":"13_CR53","unstructured":"Sakimura, N., Bradley, J., Jones, M., De Medeiros, B., Mortimore, C.: Openid connect core 1.0. The OpenID Foundation, p. S3 (2014)"},{"key":"13_CR54","doi-asserted-by":"publisher","unstructured":"Sharif, A., Ranzi, M., Carbone, R., Sciarretta, G., Marino, F.A., Ranise, S.: The eidas regulation: a survey of technological trends for European electronic identity schemes. Appl. Sci. 12(24) (2022). https:\/\/doi.org\/10.3390\/app122412679","DOI":"10.3390\/app122412679"},{"key":"13_CR55","doi-asserted-by":"crossref","unstructured":"Sudhodanan, A., Carbone, R., Compagna, L., Dolgin, N., Armando, A., Morelli, U.: Large-scale analysis & detection of authentication cross-site request forgeries. In: 2017 IEEE European Symposium on Security and Privacy (EuroS &P), pp. 350\u2013365. IEEE (2017)","DOI":"10.1109\/EuroSP.2017.45"},{"key":"13_CR56","unstructured":"eID User Community: Overview of pre-notified and notified eid schemes under eidas (2019). https:\/\/ec.europa.eu\/digital-building-blocks\/wikis\/display\/EIDCOMMUNITY\/Overview+of+pre-notified+and+notified+eID+schemes+under+eIDAS. Accessed 23 Nov 2022"},{"key":"13_CR57","doi-asserted-by":"publisher","unstructured":"Wilson, Y., Hingnikar, A.: Solving Identity Management in Modern Applications: Demystifying OAuth 2.0, OpenID connect, and SAML 2.0. Springer, Berkeley (2019). https:\/\/doi.org\/10.1007\/978-1-4842-5095-2","DOI":"10.1007\/978-1-4842-5095-2"},{"key":"13_CR58","unstructured":"Zhang, Z., Kr\u00f3l, M., Sonnino, A., Zhang, L., Rivi\u00e8re, E.: El passo: privacy-preserving, asynchronous single sign-on. arXiv preprint arXiv:2002.10289 (2020)"},{"key":"13_CR59","unstructured":"Zhou, Y., Evans, D.: SSOScan: automated testing of web applications for single Sign-On vulnerabilities. In: 23rd USENIX Security Symposium (USENIX Security 14), San Diego, CA, pp. 495\u2013510. USENIX Association, August 2014. https:\/\/www.usenix.org\/conference\/usenixsecurity14\/technical-sessions\/presentation\/zhou"}],"container-title":["Lecture Notes in Computer Science","Data and Applications Security and Privacy XXXVII"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-37586-6_13","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,7,11]],"date-time":"2023-07-11T23:04:23Z","timestamp":1689116663000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-37586-6_13"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023]]},"ISBN":["9783031375859","9783031375866"],"references-count":59,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-37586-6_13","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023]]},"assertion":[{"value":"12 July 2023","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"DBSec","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"IFIP Annual Conference on Data and Applications Security and Privacy","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Sophia-Antipolis","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"France","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19 July 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21 July 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"37","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"dbsec2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.dbsec2023.unimol.it\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"56","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"19","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"5","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"34% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}