Best Current Practice for OAuth 2.0 Security.
RFC, January, 2025
OAuth 2.0 Demonstrating Proof of Possession (DPoP).
RFC, September, 2023
OAuth 2.0 Authorization Server Issuer Identification.
RFC, March, 2022
FAPI 2.0: A High-Security Profile for OAuth and OpenID Connect.
Proceedings of the Open Identity Summit 2021, Copenhagen, Denmark, June 1-2, 2021, 2021
An Extensive Formal Security Analysis of the OpenID Financial-Grade API.
Proceedings of the 2019 IEEE Symposium on Security and Privacy, 2019
An expressive formal model of the web infrastructure.
PhD thesis, 2018
The Web SSO Standard OpenID Connect: In-depth Formal Security Analysis and Security Guidelines.
Proceedings of the 30th IEEE Computer Security Foundations Symposium, 2017
Pi and More - eine Veranstaltungsreihe rund um "kleine Computer".
Proceedings of the 46. Jahrestagung der Gesellschaft für Informatik, 2016
A Comprehensive Formal Security Analysis of OAuth 2.0.
Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, 2016
Analyzing the BrowserID SSO System with Primary Identity Providers Using an Expressive Model of the Web.
Proceedings of the Computer Security - ESORICS 2015, 2015
SPRESSO: A Secure, Privacy-Respecting Single Sign-On System for the Web.
Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, 2015
An Expressive Model for the Web Infrastructure: Definition and Application to the BrowserID SSO System.
CoRR, 2014
An Expressive Model for the Web Infrastructure: Definition and Application to the Browser ID SSO System.
Proceedings of the 2014 IEEE Symposium on Security and Privacy, 2014