{"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00201406","sets":["6164:6165:6462:10022"]},"path":["10022"],"owner":"44499","recid":"201406","title":["OAuth/OpenIDConnect実装におけるセキュリティ状況の調査"],"pubdate":{"attribute_name":"公開日","attribute_value":"2019-10-14"},"_buckets":{"deposit":"63880969-f11c-486c-b65d-8c5b48f179ca"},"_deposit":{"id":"201406","pid":{"type":"depid","value":"201406","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"OAuth/OpenIDConnect実装におけるセキュリティ状況の調査","author_link":["492400","492401","492399","492397","492398","492402"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"OAuth/OpenIDConnect実装におけるセキュリティ状況の調査"},{"subitem_title":"How Secure Are OAuth/OpenIDConnect Implemented in Japan?","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"OAuth,OpenIDConnect,ソーシャルログイン","subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2019-10-14","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"明治大学大学院"},{"subitem_text_value":"明治大学"},{"subitem_text_value":"明治大学大学院"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Graduate School of Meiji University","subitem_text_language":"en"},{"subitem_text_value":"Meiji University","subitem_text_language":"en"},{"subitem_text_value":"Graduate School of Meiji University","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing 
file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/201406/files/IPSJCSS2019113.pdf","label":"IPSJCSS2019113.pdf"},"date":[{"dateType":"Available","dateValue":"2021-10-14"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJCSS2019113.pdf","filesize":[{"value":"926.4 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"ebe74ba2-fa2f-4755-8883-f693b980e79a","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2019 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"菊田, 翼"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"齋藤, 孝道"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"小芝, 力太"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Tsubasa, Kikuta","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Takamichi, Saito","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Rikita, Koshiba","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_18_relation_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_relation_type_id":{"subitem_relation_type_select":"NCID","subitem_relation_type_id_text":"ISSN 1882-0840"}}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference 
paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"Webサイトを利用する際の認証において,ソーシャルメディアのアカウントを利用するソーシャルログインと呼ばれる仕組みがある.ソーシャルログインはOAuthやOpenIDConnectにより実装されることがある.しかし,Webサイト作成側での実装によっては,プライバシー上の問題を引き起こすことや攻撃に対し脆弱となることが知られている.本論文では,Webサイトのログインページの認証フローを辿ることで,そのサイトにおけるソーシャルログインの実装状況を調査した.その結果,SNSからのアクセス権限を必要以上に取得しているWebサイト,実装上の欠陥により脆弱性が残っている可能性を持つWebサイトが500サイト中28サイトで確認された.","subitem_description_type":"Other"}]},"item_18_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Some websites, such as EC sites, authenticate their users through so-called social login. Social login uses a social media account, such as Facebook, Google, or Twitter. In that case, the website uses OAuth or OpenIDConnect. However, depending on how the website implements it, social login may cause privacy concerns or leave the site vulnerable to attacks. In this paper, by crawling the login pages of 500 Japanese EC sites and tracing the authentication flows, we investigated the implementation status of social login and its security against CSRF. As a result, we observed 28 websites that acquired more user permissions from SNS than necessary, and some sites were vulnerable due to improper implementation.","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"807","bibliographic_titles":[{"bibliographic_title":"コンピュータセキュリティシンポジウム2019論文集"}],"bibliographicPageStart":"800","bibliographicIssueDates":{"bibliographicIssueDate":"2019-10-14","bibliographicIssueDateType":"Issued"},"bibliographicVolumeNumber":"2019"}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"id":201406,"updated":"2025-01-19T21:03:05.589717+00:00","links":{},"created":"2025-01-19T01:04:40.556736+00:00"}