Security & Trust

Automated and Secure Integration of the OpenID Connect iGov Profile in Mobile Native Applications

This page contains complementary material related to the following paper:
  • Title: Automated and Secure Integration of the OpenID Connect iGov Profile in Mobile Native Applications
  • Authors: Amir Sharif, Roberto Carbone, Giada Sciarretta, Silvio Ranise
  • DOI: 10.1007/978-3-030-64455-0_4

Abstract

Electronic identification schemes have been built to simplify citizens access to online public administration services and reduce password fatigue via a single sign-on experience. To provide a precise specification for government and public service domains on how to protect the user’s identity information and activity from unintentional exposure, the OAuth working group together with the OpenID Connect foundation have published the International Government Assurance Profile (iGov) document. As the specification contains high-level concepts and brings together a lot of insights from already published documents to increase the baseline security and structure deployments, it may be unclear or misleading for mobile application developers. This is mainly due to the fact that firstly, they are not usually security experts and secondly, the aforementioned documents are not mostly designed for the native applications that can affect the implementation security based on the differences between the native and web environment. The aforementioned source of uncertainty for inexperienced developers can lead to various threats that can expose user’s resources. To avoid these problems, we demystify the iGov profile for non-security experts by extracting the wealth information from the iGov specifications, and we apply the best current practices for native applications within the iGov profile to conceptualize the flow for native applications. Furthermore, we provide a wizard-based approach to automatically integrate the secure code for the iGov profile in Android native applications.

Complementary Material

Tools

mIDAssistant_iGov is an Android Studio plugin that guides native mobile app developers with secure integration of OpenID Connect iGov profile (OpenID Connect iGov) solutions within their apps.

mIDAssistant_iGov plugin is still in its early stage and developed for the demo purpose. The plugin code is open-source and accessible here.

Related Tools

  • mIDAssistant_iGov

Involved People

Roberto Carbone

Roberto Carbone

Silvio Ranise

Silvio Ranise

Giada Sciarretta

Giada Sciarretta

Amir Sharif

Amir Sharif