“…The original Kerberos protocol and related three party schemes have been intensely studied without finding severe security deficiencies (Boldyreva & Kumar, 2007;Backes, Cervesato, Jaggard, Scedrov, & Tsay, 2006). However, their browser-based offspring-federated identity management protocols-turned out to have some vulnerabilities: In addition to the mentioned Microsoft Passport analyses of Kormann and Rubin (2000), Slemko (2001), andGroß (2003) analyzes SAML, an alternative single sign on protocol, and shows that the protocol is vulnerable to adaptive attacks where the adversary intercepts the authentication token contained in the URL.…”