For students and professors
We think that security analysis of real-world SSO mechanisms can have great educational value, especially for students who are studying web services security, security protocol verification, and other related topics. So if you are a student or a professor who wants to use the topic for a course project, feel free to take a look at the following sample project we designed for you. You are of course very welcome to come up with your own design. Shoot an email to ruiwanATmicrosoftDOTcom if you need any help.
Course Project: Security Analysis of Web Single-Sign-On Mechanisms
Description: In recent years, we have seen the first large-scale deployment of Web Single-Sign-On (web SSO) services, provided by Facebook, Google, Twitter, Microsoft, and others. Billions of web accounts have been enabled to use these SSO services, so their security has become very critical. In this course project, you will have the opportunity to study real-world websites and evaluate the security quality of their SSO mechanisms. You are strongly encouraged to find practical vulnerabilities, which will have an impact on the real world.