Proposer: Harm Roukema (DEIC)
Area

Type of work

Output

History



Received as TIM proposal


The goal is to research the security of Single Sign-On (SSO) implementations using fuzzing and possibly other methods. There are multiple popular SSO protocols. We plan to focus on OpenID Connect and SAML.

In this task, we

  • conduct literature research on the methods of fuzzing

  • research the targeted protocols and implementations, focusing on the ones used in our community, with sensible default configurations

  • establish a plan to handle results (possible vulnerability information)

  • research pre-existing vulnerabilities and further narrow down the fuzzing methods

  • define resource needs and set up the fuzzing infrastructure, possibly spanning multiple NRENs

  • conduct the fuzzing

  • write a white paper on the results

  • depending on the results, communicate with vendors/developers


The following parties will use the results of this activity:

T&I Service: could use the security findings
R&E Community: -
External Party: -



Activity Description