Browsing by Author "Vindinu, J"

Filter results by typing the first few letters
Now showing 1 - 1 of 1
  • Thumbnail Image
    ItemEmbargo
    Post-Quantum Cryptography for Web Authentication Protocols: A Systematic Review of OAuth 2.0, OpenID Connect, and SAML Migration
    (Institute of Electrical and Electronics Engineers Inc., 2026-03-19) Dissanayake, R; Wijesinghe, H; Vindinu, J; Jayasinghe, K; Abeywardena, K; Senarathne, A
    OAuth 2.0, OpenID Connect (OIDC), and SAML rely on classical public-key primitives such as RSA and ECDSA, which are vulnerable to quantum attacks via Shor's algorithm. This systematic review examines migration of these protocols to Post-Quantum Cryptography (PQC) following the 2024 NIST standardization of ML-DSA and ML-KEM. We map cryptographic dependencies across all three protocols, evaluate NIST-standardized algorithms for authentication use cases, and analyze practical migration challenges. Token size explosion, with ML-DSA-65 signatures approximately 52 times larger than ECDSA P-256, represents the dominant implementation barrier, compounded by incomplete JOSE standardization and limited ecosystem maturity. Missing formal security proofs and federation migration frameworks are identified as critical priorities before production deployment.