| Proposer | Harm Roukema (DEIC) | 
|---|---|
| Area | IDENTITY & ACCESS MANAGEMENT | 
| Type of work | RESEARCH | 
| Output | REPORT | 
| History | Received as TIM proposal |
The goal is to research the security of Single Sign-On (SSO) implementations using fuzzing and possibly other methods. There are multiple popular SSO protocols. We plan to focus on OpenID Connect and SAML.
In this task, we
- conduct literature research on the methods of fuzzing 
- research the targeted protocols and implementations, focusing on the ones used in our community, with sensible default configurations
- establish a plan to handle results (possible vulnerability information)
- research pre-existing vulnerabilities and further narrow down the fuzzing methods
- define resource needs and set up the fuzzing infrastructure, possibly spanning multiple NRENs
- conduct the fuzzing 
- write a white paper on the results 
- depending on the results, communicate with vendors/developers
The following parties will use the results of this activity:
| T&I Service | could use the security findings | 
|---|---|
| R&E Community | - | 
| External Party | - | 
Activity Description
