{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,23]],"date-time":"2026-04-23T06:38:46Z","timestamp":1776926326353,"version":"3.51.2"},"reference-count":118,"publisher":"Tech Science Press","issue":"3","license":[{"start":{"date-parts":[[2025,8,3]],"date-time":"2025-08-03T00:00:00Z","timestamp":1754179200000},"content-version":"vor","delay-in-days":214,"URL":"https:\/\/doi.org\/10.32604\/TSP-CROSSMARKPOLICY"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["CMC"],"published-print":{"date-parts":[[2025]]},"DOI":"10.32604\/cmc.2025.066139","type":"journal-article","created":{"date-parts":[[2025,7,11]],"date-time":"2025-07-11T07:42:37Z","timestamp":1752219757000},"page":"4019-4054","update-policy":"https:\/\/doi.org\/10.32604\/tsp-crossmarkpolicy","source":"Crossref","is-referenced-by-count":1,"title":["Single Sign-On Security and Privacy: A Systematic Literature Review"],"prefix":"10.32604","volume":"84","author":[{"given":"Abdelhadi","family":"Zineddine","sequence":"first","affiliation":[]},{"given":"Yousra","family":"Belfaik","sequence":"additional","affiliation":[]},{"given":"Abdeslam","family":"Rehaimi","sequence":"additional","affiliation":[]},{"given":"Yassine","family":"Sadqi","sequence":"additional","affiliation":[]},{"given":"Said","family":"Safi","sequence":"additional","affiliation":[]}],"member":"17807","published-online":{"date-parts":[[2025]]},"reference":[{"key":"ref1","unstructured":"Petrosyan A. Internet and social media users in the world 2025; 2025. [cited 2025 Jun 17]. Available from: https:\/\/www.statista.com\/statistics\/617136\/digital-population-worldwide\/."},{"key":"ref2","series-title":"Proceedings of the Second Symposium on Usable Privacy and Security\u2014SOUPS\u201906","first-page":"44","article-title":"Password management strategies for online accounts","author":"Gaw","year":"2006"},{"key":"ref3","series-title":"Proceedings of the 16th International Conference on World Wide Web\u2014WWW\u201907","first-page":"657","article-title":"A large-scale study of web password habits","author":"Florencio","year":"2007"},{"key":"ref4","doi-asserted-by":"crossref","first-page":"124267","DOI":"10.1016\/j.eswa.2024.124267","article-title":"Towards a federated and hybrid cloud computing environment for sustainable and effective provisioning of cyber security virtual laboratories","volume":"252","author":"Rehaimi","year":"2024","journal-title":"Expert Syst Appl"},{"key":"ref5","series-title":"Proceedings of the Web Conference","first-page":"105","article-title":"An investigation of identity-account inconsistency in single sign-on","author":"Liu","year":"2021"},{"key":"ref6","series-title":"Proceedings of the 20th Workshop on Privacy in the Electronic Society","first-page":"195","article-title":"Empirical analysis and privacy implications in OAuth-based single sign-on systems","author":"Morkonda","year":"2021"},{"key":"ref7","series-title":"2020 IEEE European Symposium on Security and Privacy (EuroS&P)","first-page":"587","article-title":"PESTO: proactively secure distributed single sign-on, or how to trust a hacked server","author":"Baum","year":"2020"},{"key":"ref8","series-title":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security","first-page":"1204","article-title":"A comprehensive formal security analysis of OAuth 2.0","author":"Fett","year":"2016"},{"key":"ref9","series-title":"Proceedings of the 3rd International Conference on Networking, Information Systems & Security","first-page":"1","article-title":"Web OAuth-based SSO systems security","author":"Sadqi","year":"2020"},{"key":"ref10","doi-asserted-by":"crossref","first-page":"67660","DOI":"10.1109\/ACCESS.2023.3292143","article-title":"A novel secure and privacy-preserving model for OpenID connect based on blockchain","volume":"11","author":"Belfaik","year":"2023","journal-title":"IEEE Access"},{"key":"ref11","doi-asserted-by":"crossref","first-page":"100002","DOI":"10.1016\/j.csa.2022.100002","article-title":"Secure authentication schemes in cloud computing with glimpse of artificial neural networks: a review","volume":"1","author":"Sheik","year":"2023","journal-title":"Cyber Secur Appl"},{"key":"ref12","doi-asserted-by":"crossref","unstructured":"Hardt D. RFC 6749: the OAuth 2.0 authorization framework; 2012. RFC Editor. [cited 2025 Jun 17]. Available from: https:\/\/datatracker.ietf.org\/doc\/html\/rfc6749.","DOI":"10.17487\/rfc6749"},{"key":"ref13","first-page":"103091","article-title":"OAuth 2.0: architectural design augmentation for mitigation of common security vulnerabilities","volume":"65","author":"Singh","year":"2022","journal-title":"J Inf Secur Appl"},{"key":"ref14","unstructured":"Sakimura N, Bradley J, Jones M, De Medeiros B, Mortimore C. OpenID connect core 1.0;  2014. The OpenID Foundation. [cited 2025 Jun 17]. Available from: https:\/\/openid.net\/specs\/openid-connect-core-1_0.html."},{"key":"ref15","series-title":"2017 IEEE 30th Computer Security Foundations Symposium (CSF)","first-page":"189","article-title":"The web SSO standard OpenID connect: in-depth formal security analysis and security guidelines","author":"Fett","year":"2017"},{"key":"ref16","series-title":"Proceedings of the 27th USENIX Conference on Security Symposium, SEC\u201918","first-page":"1475","article-title":"Where art thou? An empirical analysis of single sign-on account hijacking and session management on the web","author":"Ghasemisharif","year":"2018"},{"key":"ref17","unstructured":"Zhang Z, Kr\u00f3l M, Sonnino A, Zhang L, Rivi\u00e9re E. EL PASSO: privacy-preserving, asynchronous single sign-on. arXiv:2002.10289. 2020."},{"key":"ref18","unstructured":"Khandelwal S. Uh Oh, Yahoo! data breach may have hit over 1 billion users; 2016. The Hacker News. [cited 2025 Jun 17]. Available from: https:\/\/thehackernews.com\/2016\/09\/yahoo-data-breach-billion.html."},{"key":"ref19","unstructured":"Kumar M. Facebook admits public data of its 2.2 billion users has been compromised; 2018. The Hacker News. [cited 2025 Jun 17]. Available from: https:\/\/thehackernews.com\/2018\/04\/facebook-data-privacy.html."},{"key":"ref20","unstructured":"Lakshmanan R. Hackers abused microsoft\u2019s \u201cVerified Publisher\u201d oauth apps to breach corporate email accounts; 2023. The Hacker News. [cited 2025 Jun 17]. Available from: https:\/\/thehackernews.com\/2023\/02\/hackers-abused-microsofts-verified.html."},{"key":"ref21","doi-asserted-by":"crossref","first-page":"134","DOI":"10.1016\/j.protcy.2012.05.019","article-title":"A survey on single sign-on techniques","volume":"4","author":"Radha","year":"2012","journal-title":"Proc Technol"},{"key":"ref22","doi-asserted-by":"crossref","first-page":"605","DOI":"10.1016\/j.bushor.2016.08.002","article-title":"Evaluating single sign-on security failure in cloud services","volume":"59","author":"Cusack","year":"2016","journal-title":"Bus Horiz"},{"key":"ref23","first-page":"595","article-title":"A survey on single sign-on","volume":"6","author":"Nongbri","year":"2018","journal-title":"Int J Creative Res Thoughts"},{"key":"ref24","doi-asserted-by":"crossref","first-page":"5782","DOI":"10.1016\/j.jksuci.2021.03.005","article-title":"A systematic literature mapping on secure identity management using blockchain technology","volume":"34","author":"Rathee","year":"2022","journal-title":"J King Saud Univ\u2014Comput Inf Sci"},{"key":"ref25","doi-asserted-by":"crossref","first-page":"3023","DOI":"10.3390\/app12063023","article-title":"Authentication and authorization in microservices architecture: a systematic literature review","volume":"12","author":"de Almeida","year":"2022","journal-title":"Appl Sci"},{"key":"ref26","unstructured":"Mousavi Z, Islam C, Babar MA, Abuadbba A, Moore K. Detecting misuses of security APIs: a systematic review. arXiv:2306.08869. 2023."},{"key":"ref27","doi-asserted-by":"crossref","first-page":"421","DOI":"10.1007\/s12599-023-00830-x","article-title":"A systematic review of identity and access management requirements in enterprises and potential contributions of self-sovereign identity","volume":"66","author":"Gl\u00f6ckler","year":"2023","journal-title":"Bus Inf Syst Eng"},{"key":"ref28","first-page":"35","article-title":"Identity management standards: a literature review","volume":"3","author":"Kiourtis","year":"2023","journal-title":"Comput Inform"},{"key":"ref29","doi-asserted-by":"crossref","first-page":"333","DOI":"10.1016\/j.jbusres.2019.07.039","article-title":"Literature review as a research methodology: an overview and guidelines","volume":"104","author":"Snyder","year":"2019","journal-title":"J Bus Res"},{"key":"ref30","doi-asserted-by":"crossref","first-page":"7","DOI":"10.1016\/j.infsof.2008.09.009","article-title":"Systematic literature reviews in software engineering\u2014a systematic literature review","volume":"51","author":"Kitchenham","year":"2009","journal-title":"Inf Softw Technol"},{"key":"ref31","doi-asserted-by":"crossref","first-page":"72224","DOI":"10.1109\/ACCESS.2024.3403197","article-title":"A comprehensive taxonomy of social engineering attacks and defense mechanisms: toward effective mitigation strategies","volume":"12","author":"Zaoui","year":"2024","journal-title":"IEEE Access"},{"key":"ref32","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3664201","article-title":"Know their customers: an empirical study of online account enumeration attacks","volume":"18","author":"Maceiras","year":"2024","journal-title":"ACM Trans the Web"},{"key":"ref33","series-title":"Internet Measurement Conference 2017 (IMC \u201917)","article-title":"Measuring and mitigating OAuth access token abuse by collusion networks","author":"Farooqi","year":"2017"},{"key":"ref34","author":"Lodderstedt","year":"2013","journal-title":"RFC 6819: OAuth 2.0 threat model and security considerations"},{"key":"ref35","series-title":"2017 IEEE European Symposium on Security and Privacy (EuroS&P)","first-page":"251","article-title":"SoK: single sign-on security\u2014an evaluation of OpenID connect","author":"Mainka","year":"2017"},{"key":"ref36","doi-asserted-by":"crossref","first-page":"291","DOI":"10.1016\/j.cose.2018.09.010","article-title":"DangerNeighbor attack: information leakage via PostMessage mechanism in HTML5","volume":"80","author":"Guan","year":"2019","journal-title":"Comput Secur"},{"key":"ref37","series-title":"Annual Computer Security Applications Conference (ACSAC\u201923)","article-title":"OAuth 2.0 redirect URI validation falls short, literally","author":"Innocenti","year":"2023"},{"key":"ref38","series-title":"2018 16th Annual Conference on Privacy, Security and Trust (PST)","first-page":"1","article-title":"Mitigating CSRF attacks on OAuth 2.0 systems","author":"Li","year":"2018"},{"key":"ref39","series-title":"Proceedings of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2021)","first-page":"678","article-title":"MoScan: a model-based vulnerability scanner for web single sign-on services","author":"Wei","year":"2021"},{"key":"ref40","first-page":"042016","article-title":"Challenges in single sign-on","volume":"1964","author":"Pandey","year":"2021","journal-title":"J Phys: Conf Ser"},{"key":"ref41","series-title":"2020 IEEE European Symposium on Security and Privacy (EuroS&P)","first-page":"276","article-title":"Modular security analysis of OAuth 2.0 in the three-party setting","author":"Li","year":"2020"},{"key":"ref42","series-title":"Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security (ASIA CCS \u201916)","first-page":"651","article-title":"Model-based security testing: an empirical study on OAuth 2.0 implementations","author":"Yang","year":"2016"},{"key":"ref43","doi-asserted-by":"crossref","first-page":"102859","DOI":"10.1016\/j.cose.2022.102859","article-title":"Practical attacks on login CSRF in OAuth","volume":"121","author":"Arshad","year":"2022","journal-title":"Comput Secur"},{"key":"ref44","series-title":"Network and system security. Lecture notes in computer science","doi-asserted-by":"crossref","first-page":"221","DOI":"10.1007\/978-3-030-36938-5_13","article-title":"OVERSCAN: OAuth 2.0 scanner for missing parameters","volume":"11928","author":"Sumongkayothin","year":"2019"},{"key":"ref45","unstructured":"Westers M, Wich T, Jannett L, Mladenov V, Mainka C, Mayer A. SSO-monitor: fully-automatic large-scale landscape, security, and privacy analyses of single sign-on in the wild. arXiv:2302.01024. 2023. doi:10.48550\/arxiv.2302.01024."},{"key":"ref46","series-title":"2017 3rd International Conference on Big Data Computing and Communications (BIGCOM)","first-page":"106","article-title":"A verified secure protocol model of OAuth dynamic client registration","author":"Wang","year":"2017"},{"key":"ref47","doi-asserted-by":"crossref","first-page":"109137","DOI":"10.1016\/j.compeleceng.2024.109137","article-title":"A systematic review of cybersecurity assessment methods for HTTPS","volume":"115","author":"Zineddine","year":"2024","journal-title":"Comput Electr Eng"},{"key":"ref48","series-title":"Security Protocols XXVI: 26th International Workshop; 2018 Mar 19\u201321; Cambridge, UK","first-page":"24","article-title":"Your code is my code: exploiting a common weakness in OAuth 2.0 implementations","volume":"26","author":"Li"},{"key":"ref49","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.cose.2019.03.003","article-title":"Understanding and mitigating OpenID connect threats","volume":"84","author":"Navas","year":"2019","journal-title":"Comput Secur"},{"key":"ref50","series-title":"Wireless Algorithms, Systems, and Applications: 13th International Conference, WASA 2018; 2018 Jun 20\u201322","first-page":"400","article-title":"An empirical study of OAuth-based SSO system on web","author":"Qiu","year":"2018"},{"key":"ref51","series-title":"27th USENIX Security Symposium (USENIX Security 18)","first-page":"1459","article-title":"Vetting single sign-on SDK implementations via symbolic reasoning","author":"Yang","year":"2018"},{"key":"ref52","series-title":"Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security","first-page":"2042","article-title":"PASTA: password-based threshold authentication","author":"Agrawal","year":"2018"},{"key":"ref53","first-page":"1","author":"Zineddine","year":"2024","journal-title":"Risk assessment and countermeasures for cybersecurity"},{"key":"ref54","series-title":"2020 IEEE 11th International Conference on Software Engineering and Service Science (ICSESS)","first-page":"82","article-title":"Evaluation of secure OpenID-based RAAA user authentication protocol for preventing specific web attacks in web apps","author":"Bilal","year":"2020"},{"key":"ref55","series-title":"Advances in information, communication and cybersecurity. ICI2C 21","first-page":"535","article-title":"Single sign-on revocation access","volume":"357","author":"Belfaik","year":"2022","journal-title":"Lecture notes in networks and systems"},{"key":"ref56","unstructured":"Sudhodanan A, Paverd A. Pre-hijacked accounts: an empirical study of security failures in user account creation on the web. arXiv:2205.10174. 2022. doi:10.48550\/ARXIV.2205.10174."},{"key":"ref57","series-title":"2022 IEEE Symposium on Security and Privacy (SP)","article-title":"Towards automated auditing for account and session management flaws in single sign-on deployments","author":"Ghasemisharif","year":"2022"},{"key":"ref58","series-title":"Digital technologies and applications.ICDTA 2024. Lecture notes in networks and systems","first-page":"138","article-title":"Understanding the digital frontier: examining privacy and data security in desktop web browsers","volume":"1098","author":"Zineddine","year":"2024"},{"key":"ref59","series-title":"Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security (CCS\u201920)","first-page":"1953","article-title":"The cookie hunter: automated black-box auditing for web authentication and authorization flaws","author":"Drakonakis","year":"2020"},{"key":"ref60","first-page":"102444","article-title":"A research of security in website account binding","volume":"51","author":"Gao","year":"2020","journal-title":"J Inf Secur Appl"},{"key":"ref61","doi-asserted-by":"crossref","first-page":"580","DOI":"10.1016\/j.jksuci.2019.03.004","article-title":"Adaptive security architectural model for protecting identity federation in service oriented computing","volume":"33","author":"Beer Mohamed","year":"2021","journal-title":"J King Saud Univ\u2014Comput Inf Sci"},{"key":"ref62","series-title":"2019 IEEE Conference on Dependable and Secure Computing (DSC)","first-page":"1","article-title":"Towards the trust-enhancements of single sign-on services","author":"Bao","year":"2019"},{"key":"ref63","series-title":"International Conference on Security and Privacy in Communication Systems","first-page":"511","article-title":"Ticket transparency: accountable single sign-on with privacy-preserving public logs","author":"Chu","year":"2019"},{"key":"ref64","series-title":"Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security (CCS\u201922)","first-page":"1553","article-title":"DISTINCT: identity theft using in-browser communications in dual-window single sign-on","author":"Jannett","year":"2022"},{"key":"ref65","doi-asserted-by":"crossref","first-page":"195675","DOI":"10.1109\/ACCESS.2020.3033570","article-title":"Single sign-on: a solution approach to address inefficiencies during sign-out process","volume":"8","author":"Ramamoorthi","year":"2020","journal-title":"IEEE Access"},{"key":"ref66","series-title":"Developments and Advances in Defense and Security: Proceedings of MICRADS 2019","first-page":"15","article-title":"Single sign-on implementation: leveraging browser storage for handling tabbed browsing sign-outs","author":"Ramamoorthi","year":"2020"},{"key":"ref67","series-title":"Data and applications security and privacyXXXVII. DBSec 2023. Lecture notes in computer science","first-page":"203","article-title":"Assurance, consent and access control for privacy-aware OIDC deployments","volume":"13942","author":"Sassetti","year":"2023"},{"key":"ref68","series-title":"2018 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications\/12th IEEE International Conference on Big Data Science and Engineering (TrustCom\/BigDataSE)","article-title":"DecentID: decentralized and privacy-preserving identity storage system using smart contracts","author":"Friebe","year":"2018"},{"key":"ref69","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1155\/2022\/9983995","article-title":"Decentralized, privacy-preserving, single sign-on","volume":"2022","author":"Mir","year":"2022","journal-title":"Secur Commun Netw"},{"key":"ref70","first-page":"112","article-title":"Comparative analysis and framework evaluating web single sign-on systems","volume":"53","author":"Alaca","year":"2020","journal-title":"ACM Comput Surv"},{"key":"ref71","first-page":"62","author":"Belfaik","year":"2024","journal-title":"Privacy-preserving techniques for online social networks data"},{"key":"ref72","first-page":"200","author":"Saito","year":"2021","journal-title":"Advances in networked-based information systems"},{"key":"ref73","doi-asserted-by":"crossref","first-page":"16","DOI":"10.3390\/cryptography4020016","article-title":"Security and performance of single sign-on based on one-time pad algorithm","volume":"4","author":"Kihara","year":"2020","journal-title":"Cryptography"},{"key":"ref74","series-title":"2020 2nd Conference on Blockchain Research & Applications for Innovative Networks and Services (BRAINS)","first-page":"71","article-title":"Distributed-ledger-based authentication with decentralized identifiers and verifiable credentials","author":"Lux","year":"2020"},{"key":"ref75","series-title":"Proceedings of the 33rd Annual ACM Symposium on Applied Computing (SAC\u201918)","first-page":"1165","article-title":"Helping john to make informed decisions on using social login","author":"Karegar","year":"2018"},{"key":"ref76","series-title":"Proceedings of the 15th ACM Asia Conference on Computer and Communications Security (ASIA CCS\u201920)","first-page":"277","article-title":"Privacy-Preserving OpenID Connect","author":"Hammann","year":"2020"},{"key":"ref77","series-title":"Detection of intrusions and malware, and vulnerability assessment. DIMVA 2021. Lecture notes in computer science. Vol. 12756","first-page":"21","article-title":"The full gamut of an attack: an empirical analysis of OAuth CSRF in the wild","author":"Benolli","year":"2021"},{"key":"ref78","series-title":"2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","article-title":"User access privacy in OAuth 2.0 and OpenID connect","author":"Li","year":"2020"},{"key":"ref79","first-page":"235","article-title":"An anonymous and authentication protocol for multi-server","volume":"46","author":"Kuo","year":"2017","journal-title":"Inf Technol Control"},{"key":"ref80","doi-asserted-by":"crossref","first-page":"223","DOI":"10.1109\/TIFS.2019.2919926","article-title":"Anonymous single sign-on with proxy re-verification","volume":"15","author":"Han","year":"2020","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"ref81","series-title":"Computer Security: 23rd European Symposium on Research in Computer Security, ESORICS 2018; 2018 Sep 3\u20137;","first-page":"470","article-title":"Anonymous single-sign-on for n designated services with traceability","author":"Han","year":"2018"},{"key":"ref82","doi-asserted-by":"crossref","first-page":"763","DOI":"10.1007\/978-3-319-78813-5_41","author":"Wang","year":"2018","journal-title":"Security and Privacy in Communication Networks: 13th International Conference, SecureComm 2017"},{"key":"ref83","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3711898","article-title":"\u201cSign in with. Privacy\u201d: timely disclosure of privacy differences among web SSO login options","volume":"28","author":"Morkonda","year":"2025","journal-title":"ACM Trans Priv Secur"},{"key":"ref84","first-page":"185","volume":"746","author":"Ramamoorthi","year":"2018","journal-title":"Trends and advances in information systems and technologies. WorldCIST'18 2018. Advances in intelligent systems and computing"},{"key":"ref85","unstructured":"Mozilla. Window: postMessage() method\u2014Web APIs\u2014MDN\u2014developer.mozilla.org. [cited 2025 Jun 17]. Available from: https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/API\/Window\/postMessage."},{"key":"ref86","series-title":"Data and applications security and privacyXXXV. DBSec 2021. Lecture notes in computer science","first-page":"325","article-title":"Automated risk assessment and what-if analysis of OpenID connect and OAuth 2.0 deployments","volume":"12840","author":"Dashti","year":"2021"},{"key":"ref87","unstructured":"Mozilla. Intersection Observer API\u2014Web APIs\u2014MDN\u2014developer.mozilla.org; [cited 2025 Jun 17]. Available from: https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/API\/Intersection_Observer_API."},{"key":"ref88","series-title":"Digital technologies and applications.ICDTA 2024. Lecture notes in networks and systems","first-page":"118","article-title":"A comparative study of protocols\u2019 security verification tools: Avispa, scyther, ProVerif, and Tamarin","volume":"1099","author":"Belfaik","year":"2024"},{"key":"ref89","first-page":"23","volume":"12308","author":"Veronese","year":"2020","journal-title":"Computer security\u2013ESORICS 2020. Lecture notes in computer science"},{"key":"ref90","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1155\/2018\/6315039","article-title":"Assessment of secure OpenID-based DAAA protocol for avoiding session hijacking in web applications","volume":"2018","author":"Bilal","year":"2018","journal-title":"Secur Commun Netw"},{"key":"ref91","doi-asserted-by":"crossref","first-page":"103666","DOI":"10.1016\/j.cose.2023.103666","article-title":"Influences of displaying permission-related information on web single sign-on login decisions","volume":"139","author":"Morkonda","year":"2024","journal-title":"Comput Secur"},{"key":"ref92","series-title":"Verification and evaluation of computer and communication systemsVECoS 2023. Lecture notes in computer science","first-page":"122","article-title":"A comparative study of online cybersecurity training platforms","volume":"14368","author":"Rehaimi","year":"2024"},{"key":"ref93","first-page":"396","author":"Argyriou","year":"2017","journal-title":"Computer safety, reliability, and security"},{"key":"ref94","doi-asserted-by":"crossref","first-page":"182","DOI":"10.1007\/978-3-030-94029-4_13","volume":"13","author":"Magnanini","year":"2022","journal-title":"Cyberspace Safety and Security: 13th International Symposium, CSS 2021"},{"key":"ref95","series-title":"Proceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses (RAID\u201922)","first-page":"460","article-title":"OAuch: exploring security compliance in the OAuth 2.0 ecosystem","author":"Philippaerts","year":"2022"},{"key":"ref96","series-title":"Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security. CCS\u201922","first-page":"2459","article-title":"Cerberus: query-driven scalable vulnerability detection in oauth service provider implementations","author":"Rahat","year":"2022"},{"key":"ref97","first-page":"93","article-title":"Extending OpenID connect towards mission critical applications","volume":"18","author":"Deeptha","year":"2018","journal-title":"Cybern Inf Technol"},{"key":"ref98","doi-asserted-by":"crossref","first-page":"1238","DOI":"10.3390\/electronics11081238","article-title":"User-centric privacy for identity federations based on a recommendation system","volume":"11","author":"Villar\u00e1n","year":"2022","journal-title":"Electronics"},{"key":"ref99","first-page":"4713","article-title":"Assessing secure OpenID-Based EAAA protocol to prevent MITM and phishing attacks in web apps","volume":"75","author":"Bilal","year":"2023","journal-title":"Comput Mater Contin"},{"key":"ref100","first-page":"102971","article-title":"Implementation and evaluation of a privacy-preserving distributed ABC scheme based on multi-signatures","volume":"62","author":"Garc\u00eda-Rodr\u00edguez","year":"2021","journal-title":"J Inf Secur Appl"},{"key":"ref101","doi-asserted-by":"crossref","first-page":"107751","DOI":"10.1016\/j.compeleceng.2022.107751","article-title":"A decentralized open web cryptographic standard","volume":"99","author":"Das","year":"2022","journal-title":"Comput Electr Eng"},{"key":"ref102","doi-asserted-by":"crossref","first-page":"349","DOI":"10.1109\/TCC.2021.3094846","article-title":"Enhancing OAuth with blockchain technologies for data portability","volume":"11","author":"Cha","year":"2023","journal-title":"IEEE Trans Cloud Comput"},{"key":"ref103","series-title":"2021 International Conference on Advanced Computing and Endogenous Security","article-title":"UP-SSO: enhancing the user privacy of SSO by integrating PPID and SGX","author":"Guo","year":"2022"},{"key":"ref104","first-page":"1","article-title":"TSAPP: threshold single-sign-on authentication preserving privacy","volume":"21","author":"Zhang","year":"2023","journal-title":"IEEE Trans Dependable Secure Comput"},{"key":"ref105","series-title":"2019 International Conference on Vision Towards Emerging Trends in Communication and Networking (ViTECoN)","article-title":"DAuth: a decentralized web authentication system using ethereum based blockchain","author":"Patel","year":"2019"},{"key":"ref106","series-title":"2018 IEEE International Conference on Communications (ICC)","first-page":"1","article-title":"PRIMA: privacy-preserving identity and access management at internet-scale","author":"Asghar","year":"2018"},{"key":"ref107","doi-asserted-by":"crossref","first-page":"1197","DOI":"10.21817\/indjcse\/2022\/v13i4\/221304176","article-title":"Easeid- a session-based single sign-on self-sovereign identity and access management system using blockchain","volume":"13","author":"Reddy","year":"2022","journal-title":"Indian J Comput Sci Eng"},{"key":"ref108","doi-asserted-by":"crossref","first-page":"1293","DOI":"10.1587\/transcom.2022TMP0005","article-title":"Secure enrollment token delivery mechanism for zero trust networks using blockchain","volume":"E106.B","author":"Diaz Rivera","year":"2023","journal-title":"IEICE Trans Commun"},{"key":"ref109","first-page":"295","volume":"13555","author":"Jiang","year":"2022","journal-title":"Computer security\u2014ESORICS\u20132022. Lecture notes in computer science"},{"key":"ref110","first-page":"2144","article-title":"Framework to secure the OAuth 2.0 and JSON web token for REST API","volume":"99","author":"Rushdy","year":"2021","journal-title":"J Theor Appl Inf Technol"},{"key":"ref111","first-page":"275","volume":"336","author":"Liu","year":"2020","journal-title":"Security and privacy in communication networks. SecureComm 2020. Lecture notes of the institute for computer sciences, social informatics and telecommunications engineering"},{"key":"ref112","series-title":"2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P)","first-page":"352","article-title":"MISO: legacy-compatible privacy-preserving single sign-on using trusted execution environments","author":"Xu","year":"2023"},{"key":"ref113","series-title":"Proceedings of the 10th ACM Workshop on Moving Target Defense","first-page":"25","article-title":"Rethinking single sign-on: a reliable and privacy-preserving alternative with verifiable credentials","author":"Johnson","year":"2023"},{"key":"ref114","doi-asserted-by":"crossref","first-page":"103739","DOI":"10.1016\/j.cose.2024.103739","article-title":"ROSTAM: a passwordless web single sign-on solution mitigating server breaches and integrating credential manager and federated identity systems","volume":"139","author":"Mahnamfar","year":"2024","journal-title":"Comput Secur"},{"key":"ref115","series-title":"Computer security\u2013ESORICS 2023. Lecture notes in computer science","first-page":"318","article-title":"A user-centric approach to API delegations:","volume":"14345","author":"Kalantari","year":"2023"},{"key":"ref116","doi-asserted-by":"crossref","unstructured":"Frederiksen TK, Hesse J, Poettering B, Towa P. Attribute-based Single sign-on: secure, private, and efficient; 2023. Cryptology ePrint Archive. [cited 2025 Jun 17]. Available from: https:\/\/eprint.iacr.org\/2023\/915.","DOI":"10.56553\/popets-2023-0097"},{"key":"ref117","doi-asserted-by":"crossref","first-page":"18335","DOI":"10.1038\/s41598-023-44586-6","article-title":"SSH-DAuth: secret sharing based decentralized oauth using decentralized identifier","volume":"13","author":"Krishna","year":"2023","journal-title":"Sci Rep"},{"key":"ref118","first-page":"401","volume":"12238","author":"Camenisch","year":"2020","journal-title":"Security and cryptography for networks. SCN 2020. Lecture notes in computer science"}],"container-title":["Computers, Materials & Continua"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/cdn.techscience.cn\/files\/cmc\/2025\/TSP_CMC-84-3\/TSP_CMC_66139\/TSP_CMC_66139.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,23]],"date-time":"2026-04-23T05:45:19Z","timestamp":1776923119000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.techscience.com\/cmc\/v84n3\/63182"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"references-count":118,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2025]]},"published-print":{"date-parts":[[2025]]}},"URL":"https:\/\/doi.org\/10.32604\/cmc.2025.066139","relation":{},"ISSN":["1546-2226"],"issn-type":[{"value":"1546-2226","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"2025-03-31","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-06-18","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-07-30","order":2,"name":"published","label":"Published Online","group":{"name":"publication_history","label":"Publication History"}}]}}