Hi Francisco

Yes, I have seen that report in the past and it is good and informative but is not a substitute for formal analysis. Here is another example of the type of analysis I am looking for, this one covering OAuth 1.0a from our research lab

http://domino.watson.ibm.com/library/cyberdig.nsf/papers/B0D33665257DD3A0852576410043BCDD/$File/rc24856.pdf

Regards
Mark

Francisco Corella <[email protected]> wrote on 13/05/2011 17:58:01:

> Francisco Corella <[email protected]>
> 13/05/2011 17:58
>
> Please respond to
> [email protected]
>
> To
>
> [email protected], Mark Mcgloin/Ireland/IBM@IBMIE
>
> cc
>
> Subject
>
> Re: [OAUTH-WG] Formal security protocol analysis of OAuth 2.0
>
> We wrote a security analysis of double redirection protocols that
> has a section on OAuth 2.0 as of draft 11. You can find it at
> http://pomcor.com/techreports/DoubleRedirection.pdf
>
> Francisco
>
> --- On Fri, 5/13/11, Mark Mcgloin <[email protected]> wrote:
>
> From: Mark Mcgloin <[email protected]>
> Subject: [OAUTH-WG] Formal security protocol analysis of OAuth 2.0
> To: [email protected]
> Date: Friday, May 13, 2011, 10:40 AM
>
> Does anyone know of a formal security protocol analysis that has been
> carried out for OAuth 2.0?
>
> I could only find analysis done against 1.0a, like this one:
>
> http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5762765
>
> thanks
> Mark
>
> _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth
