Web-based protocols, in particular security protocols such as OpenID, SAML SSO, and OAuth 2, play a central role in the cloud. They include standardized methods that let users limit the number of accounts they must maintain and control which cloud services may access particular sets of their private data. For example, a user can access a calendar application through a social networking application. The access is enabled by a protocol that establishes a trust relationship between the social networking application and the calendar application, such that the user authenticates to the first in a way that is recognized by the second. The exact message sequence, and the security requirements that protect the confidentiality of the transmitted messages, are fixed by the protocol specification.
In some cases, the developer of a web application, web service or cloud application fails to meet these security requirements. An unsatisfied security requirement leaves a vulnerability in the implementation that a malicious client can exploit, with drastic consequences for the privacy of the end user and for business data. Such vulnerabilities often originate from inexperience, from lack of knowledge of secure programming practices, or from an incorrect implementation of the security protocol itself.
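The calendar-through-social-network scenario above, and the "incorrect implementation of the security protocol" failure mode, can both be made concrete with a simulated OAuth 2 authorization-code exchange. The following is an added example written for this page; it is not code from the original text or from any of the protocols' reference implementations. The client id, secret, redirect URI, scope name and user names are invented, and the two applications are plain Python objects standing in for HTTP endpoints. It performs the checks an authorization server and client are expected to make (exact redirect_uri match, client authentication, single-use and expiring codes, a code bound to the client it was issued to, and state verification on the callback), and a `verify_state=False` switch reproduces a faulty client that skips the state check, so that a callback carrying an attacker's code is accepted and the victim's session ends up bound to the attacker's calendar.

```python
"""Simulated OAuth 2 authorization-code flow between a social networking app
(OAuth client) and a calendar app (authorization + resource server).
Added illustration; all identifiers below are assumed, not taken from any spec."""
import secrets
import time

# Client registration held by the calendar app (assumed values).
CLIENT_ID = "social-app"
CLIENT_SECRET = "s3cret-registered-out-of-band"
REDIRECT_URI = "https://social.example/oauth/callback"


class CalendarAuthServer:
    """Authorization server and resource server of the calendar application."""

    def __init__(self, code_ttl=60):
        self.clients = {CLIENT_ID: {"secret": CLIENT_SECRET, "redirect_uri": REDIRECT_URI}}
        self.codes = {}    # code -> issuance record
        self.tokens = {}   # access token -> {user, scope}
        self.code_ttl = code_ttl

    def authorize(self, client_id, redirect_uri, scope, state, user, now=None):
        """Step 1: user consents at the calendar app; returns the redirect to the client.
        redirect_uri must equal the registered value exactly, not match as a prefix."""
        client = self.clients.get(client_id)
        if client is None or client["redirect_uri"] != redirect_uri:
            raise ValueError("unknown client or redirect_uri mismatch")
        code = secrets.token_urlsafe(32)
        self.codes[code] = {"client_id": client_id, "redirect_uri": redirect_uri,
                            "user": user, "scope": scope,
                            "exp": (now or time.time()) + self.code_ttl, "used": False}
        # state is echoed back untouched; only the client can verify it.
        return {"redirect": redirect_uri, "code": code, "state": state}

    def token(self, client_id, client_secret, code, redirect_uri, now=None):
        """Step 3: client exchanges the code, authenticating with its secret."""
        client = self.clients.get(client_id)
        if client is None or not secrets.compare_digest(client["secret"], client_secret):
            raise PermissionError("client authentication failed")
        entry = self.codes.get(code)
        if entry is None or entry["used"]:
            raise PermissionError("unknown or already-used code")
        if (now or time.time()) > entry["exp"]:
            raise PermissionError("code expired")
        # The code is bound to the client and redirect_uri it was issued for.
        if entry["client_id"] != client_id or entry["redirect_uri"] != redirect_uri:
            raise PermissionError("code issued to a different client or redirect_uri")
        entry["used"] = True
        token = secrets.token_urlsafe(32)
        self.tokens[token] = {"user": entry["user"], "scope": entry["scope"]}
        return token

    def read_calendar(self, token, required_scope="calendar.read"):
        """Resource endpoint: the token must exist and carry the required scope."""
        info = self.tokens.get(token)
        if info is None or required_scope not in info["scope"]:
            raise PermissionError("invalid token or insufficient scope")
        return f"events of {info['user']}"


class SocialAppClient:
    """The social networking application acting as OAuth client."""

    def __init__(self, auth_server, verify_state=True):
        self.auth_server = auth_server
        self.verify_state = verify_state  # False reproduces a faulty implementation

    def start_login(self, browser_session):
        """Step 0: bind a fresh state value to this browser session."""
        browser_session["oauth_state"] = secrets.token_urlsafe(16)
        return {"client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
                "scope": ["calendar.read"], "state": browser_session["oauth_state"]}

    def callback(self, browser_session, params):
        """Step 2: accept the redirect only if state matches this session."""
        expected = browser_session.pop("oauth_state", None)
        if self.verify_state and (expected is None
                                  or not secrets.compare_digest(expected, params["state"])):
            raise PermissionError("state mismatch: callback not started by this session")
        return self.auth_server.token(CLIENT_ID, CLIENT_SECRET, params["code"], REDIRECT_URI)


def run_flow(verify_state=True, attacker_injects_code=False):
    """Drive the whole exchange and return what the social app reads from the calendar."""
    cal = CalendarAuthServer()
    social = SocialAppClient(cal, verify_state=verify_state)
    session = {}  # the victim's browser session at the social app
    req = social.start_login(session)
    if attacker_injects_code:
        # Attacker "mallory" completes her own authorization, then forces the victim's
        # browser onto the callback URL carrying mallory's code and mallory's state.
        redirect = cal.authorize(CLIENT_ID, REDIRECT_URI, ["calendar.read"],
                                 "attacker-state", user="mallory")
    else:
        redirect = cal.authorize(req["client_id"], req["redirect_uri"], req["scope"],
                                 req["state"], user="alice")
    token = social.callback(session, {"code": redirect["code"], "state": redirect["state"]})
    return cal.read_calendar(token)
```

With `verify_state=True` the injected callback is rejected at the client before any code is exchanged; with `verify_state=False` the same callback succeeds and the victim's social-app session is silently linked to the attacker's calendar, which is exactly the kind of consequence a skipped protocol requirement produces. The server-side checks (exact redirect_uri comparison, single-use codes, expiry, binding the code to its client) are independent of the client's state check and protect against a different set of misuse.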