{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,21]],"date-time":"2026-01-21T13:15:35Z","timestamp":1769001335694,"version":"3.49.0"},"publisher-location":"Berlin, Heidelberg","reference-count":30,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642044731","type":"print"},{"value":"9783642044748","type":"electronic"}],"license":[{"start":{"date-parts":[[2009,1,1]],"date-time":"2009-01-01T00:00:00Z","timestamp":1230768000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2009]]},"DOI":"10.1007\/978-3-642-04474-8_23","type":"book-chapter","created":{"date-parts":[[2009,9,3]],"date-time":"2009-09-03T11:26:09Z","timestamp":1251977169000},"page":"278-293","source":"Crossref","is-referenced-by-count":13,"title":["Risks of the CardSpace Protocol"],"prefix":"10.1007","author":[{"given":"Sebastian","family":"Gajek","sequence":"first","affiliation":[]},{"given":"J\u00f6rg","family":"Schwenk","sequence":"additional","affiliation":[]},{"given":"Michael","family":"Steiner","sequence":"additional","affiliation":[]},{"given":"Chen","family":"Xuan","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"23_CR1","unstructured":"Nanda, A.: A technical reference for the information card profile v1.0 (2006)"},{"key":"23_CR2","unstructured":"Liberty Alliance Project: Liberty Phase 2 final specifications (2003)"},{"key":"23_CR3","unstructured":"Kaler, C. 
(ed.): A.N.: Web Services Federation Language (WS-Federation), Version 1.0, BEA and IBM and Microsoft and RSA Security and VeriSign (2003)"},{"key":"23_CR4","unstructured":"OASIS Standard: Security assertion markup language, SAML (2002), http:\/\/www.oasis-open.org\/committees\/security\/docs\/"},{"key":"23_CR5","unstructured":"Cantor, S., Erdos, M.: Shibboleth-architecture draft v05 (2002)"},{"key":"23_CR6","unstructured":"Microsoft Corporation: .NET Passport documentation, in particular Technical Overview, and SDK 2.1 Documentation (started 1999) (2001)"},{"issue":"1-6","key":"23_CR7","doi-asserted-by":"publisher","first-page":"51","DOI":"10.1016\/S1389-1286(00)00048-7","volume":"33","author":"D. Kormann","year":"2000","unstructured":"Kormann, D., Rubin, A.: Risks of the passport single signon protocol. Computer Networks\u00a033(1-6), 51\u201358 (2000)","journal-title":"Computer Networks"},{"key":"23_CR8","volume-title":"ACSAC 2003","author":"T. Gro\u00df","year":"2003","unstructured":"Gro\u00df, T.: Security analysis of the SAML single sign-on browser\/artifact profile. In: ACSAC 2003. IEEE Computer Society, Los Alamitos (2003)"},{"key":"23_CR9","volume-title":"Workshop on Web Services Security","author":"T. Gro\u00df","year":"2006","unstructured":"Gro\u00df, T., Pfitzmann, B.: SAML artifact information flow revisited. In: Workshop on Web Services Security. IEEE Computer Society, Los Alamitos (2006)"},{"issue":"6","key":"23_CR10","doi-asserted-by":"publisher","first-page":"38","DOI":"10.1109\/MIC.2003.1250582","volume":"7","author":"B. Pfitzmann","year":"2003","unstructured":"Pfitzmann, B., Waidner, M.: Analysis of liberty single-sign-on with enabled clients. IEEE Internet Computing\u00a07(6), 38\u201344 (2003)","journal-title":"IEEE Internet Computing"},{"key":"23_CR11","first-page":"224","volume-title":"Understanding windows cardspace","author":"V. Bertocci","year":"2007","unstructured":"Bertocci, V., Garrett Serack, C.B.: Understanding windows cardspace, pp. 
224\u2013247. Addison-Wesley, Reading (2007)"},{"key":"23_CR12","unstructured":"Personal communication with participants of dagstuhl seminar 09141 on web application security (March 2009)"},{"key":"23_CR13","unstructured":"Kaminsky, D.: It\u2019s the end of the cache as we know it (2008), http:\/\/www.doxpara.com\/DMK_BO2K8.ppt"},{"key":"23_CR14","unstructured":"Zuchlinski, G.: The anatomy of cross site scripting (2003)"},{"key":"23_CR15","doi-asserted-by":"crossref","unstructured":"Jovanovic, N., Kirda, E., Kruegel, C.: Preventing cross site request forgery attacks. In: Securecomm and Workshops, pp. 1\u201310 (2006)","DOI":"10.1109\/SECCOMW.2006.359531"},{"key":"23_CR16","first-page":"330","volume-title":"Noxes: a client-side solution for mitigating cross-site scripting attacks","author":"E. Kirda","year":"2006","unstructured":"Kirda, E., Kr\u00fcgel, C., Vigna, G., Jovanovic, N.: Noxes: a client-side solution for mitigating cross-site scripting attacks, pp. 330\u2013337. ACM, New York (2006)"},{"key":"23_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"495","DOI":"10.1007\/978-3-540-77048-0_38","volume-title":"Information and Communications Security","author":"S. Stamm","year":"2007","unstructured":"Stamm, S., Ramzan, Z., Jakobsson, M.: Drive-by pharming. In: Qing, S., Imai, H., Wang, G. (eds.) ICICS 2007. LNCS, vol.\u00a04861, pp. 495\u2013506. Springer, Heidelberg (2007)"},{"key":"23_CR18","first-page":"421","volume-title":"CCS 2007","author":"C. Jackson","year":"2007","unstructured":"Jackson, C., Barth, A., Bortz, A., Shao, W., Boneh, D.: Protecting browsers from dns rebinding attacks. In: CCS 2007, pp. 421\u2013431. ACM, New York (2007)"},{"key":"23_CR19","first-page":"58","volume-title":"CCS 2007","author":"C. Karlof","year":"2007","unstructured":"Karlof, C., Shankar, U., Tygar, J.D., Wagner, D.: Dynamic pharming attacks and locked same-origin policies for web browsers. In: CCS 2007, pp. 58\u201371. 
ACM, New York (2007)"},{"key":"23_CR20","unstructured":"Akritidis, P., Chin, W.Y., Lam, V.T., Sidiroglou, S., Anagnostakis, K.G.: Proximity breeds danger: emerging threats in metro-area wireless networks. In: SS 2007, pp. 1\u201316. USENIX Association (2007)"},{"key":"23_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"313","DOI":"10.1007\/978-3-540-88733-1_22","volume-title":"Provable Security","author":"S. Gajek","year":"2008","unstructured":"Gajek, S., Manulis, M., Pereira, O., Sadeghi, A.R., Schwenk, J.: Universally composable security analysis of TLS. In: Baek, J., Bao, F., Chen, K., Lai, X. (eds.) ProvSec 2008. LNCS, vol.\u00a05324, pp. 313\u2013327. Springer, Heidelberg (2008)"},{"key":"23_CR22","volume-title":"Crypto 2009","author":"M. Stevens","year":"2009","unstructured":"Stevens, M., Sotirov, A., Appelbaum, J., Lenstra, A., Molnar, D., Osvik, D.A., de Weger, B.: Short chosen-prefix collisions for md5 and the creation of a rogue ca certificate. In: Crypto 2009. Springer, Heidelberg (to appear, 2009)"},{"key":"23_CR23","first-page":"581","volume-title":"CHI","author":"R. Dhamija","year":"2006","unstructured":"Dhamija, R., Tygar, J.D., Hearst, M.A.: Why phishing works. In: CHI, pp. 581\u2013590. ACM, New York (2006)"},{"key":"23_CR24","first-page":"51","volume-title":"Symposium on Security and Privacy","author":"S. Schechter","year":"2007","unstructured":"Schechter, S., Dhamija, R., Ozment, A., Fischer, I.: The emperor\u2019s new security indicators. In: Symposium on Security and Privacy, pp. 51\u201365. IEEE Computer Society, Los Alamitos (2007)"},{"issue":"1-2","key":"23_CR25","doi-asserted-by":"publisher","first-page":"63","DOI":"10.1016\/j.cose.2008.09.007","volume":"28","author":"A. Herzberg","year":"2009","unstructured":"Herzberg, A.: Why Johnny can\u2019t surf (safely)? attacks and defenses for web users. 
Elsevier Computers & Security\u00a028(1-2), 63\u201371 (2009)","journal-title":"Elsevier Computers & Security"},{"key":"23_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"281","DOI":"10.1007\/978-3-540-77366-5_27","volume-title":"Financial Cryptography and Data Security","author":"C. Jackson","year":"2007","unstructured":"Jackson, C., Simon, D.R., Tan, D.S., Barth, A.: An evaluation of extended validation and picture-in-picture phishing attacks. In: Dietrich, S., Dhamija, R. (eds.) FC 2007 and USEC 2007. LNCS, vol.\u00a04886, pp. 281\u2013293. Springer, Heidelberg (2007)"},{"key":"23_CR27","unstructured":"Jackson, C., Barth, A.: Beware of finer-grained origins. In: W2SP 2008 (2008)"},{"issue":"3","key":"23_CR28","doi-asserted-by":"publisher","first-page":"59","DOI":"10.1109\/MC.2008.98","volume":"41","author":"R. Oppliger","year":"2008","unstructured":"Oppliger, R., Hauser, R., Basin, D.: Ssl\/tls session-aware user authentication. Computer\u00a041(3), 59\u201365 (2008)","journal-title":"Computer"},{"key":"23_CR29","unstructured":"Rescorla, E.: Keying material extractors for transport layer security (tls). 
IETF Internet-Draft (2008)"},{"key":"23_CR30","doi-asserted-by":"crossref","unstructured":"Dierks, T., Allen, C.: RFC2246, The tls protocol version 1.0 (1999)","DOI":"10.17487\/rfc2246"}],"container-title":["Lecture Notes in Computer Science","Information Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-04474-8_23","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,22]],"date-time":"2019-05-22T10:37:13Z","timestamp":1558521433000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-04474-8_23"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2009]]},"ISBN":["9783642044731","9783642044748"],"references-count":30,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-04474-8_23","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2009]]}}}