In our blog you will find articles on various IT security related topics, such as Open Penetration Tests and other public expertises.
Penetration Test of the DENIC ID
Based on the proven expertise in the areas of Single Sign-On and OpenID Connect, our team has been selected to perform an open penetration test of the DENIC ID - an implementation of ID4me.
The scope of the penetration test was to evaluate typical Single Sign-On weaknesses and the impact of novel features implemented in DENIC ID on the security of this login system.
DENIC ID is the first widely-deployed implementation of ID4me (https://id4me.org/documents/) - a novel protocol for federated identity management. It is based on well-established standards such as OpenID Connect and Domain Name System (DNS). In contrast to other Single Sign-On schemes, ID4me divides the duties of the identity provider into two separated entities: an identity agent and an identity authority. The identity agent provides registration services and manages user data. The identity authority is responsible for user authentication and authorization.