San-Tsai Sun; Konstantin Beznosov

07 December 2009

Abstract: Today's Web is site-centric. Web users have to maintain a separate user ID and password for each website, which leads to weaker passwords and password re-use across accounts. Currently, single-domain SSO does not scale to the Web, and federated SSO requires pre-built agreements and trust relationships between identity and service providers. OpenID is promising, but it has usability issues with its URI-based identifier scheme and is vulnerable to phishing attacks. In this poster, we describe the architecture, design, and implementation of a proposed system for usable and secure Web single sign-on. Our approach builds OpenID support into web browsers, hides OpenID identifiers from users behind their existing email accounts, extends the OpenID protocol to perform authentication directly by browsers, and introduces an OpenIDAuth HTTP access authentication scheme to convey authenticated identities automatically to websites that support OpenID for authentication.
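The abstract names an OpenIDAuth HTTP access authentication scheme but, as a poster abstract, gives no wire format. The Python below is an added illustration, not the poster's code, of the general shape such a challenge/response scheme takes and of the two checks a relying party needs before it trusts an identity conveyed in a header. The header layout, the JSON-plus-HMAC assertion format and a single shared association key (standing in for whatever key the browser or the user's email provider would really hold) are all assumptions of this example; the point it demonstrates is that an assertion must be bound to the relying party's own realm, so a look-alike site cannot relay it, and to a single-use nonce, so it cannot be replayed.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key: stands in for an association secret shared between the
# identity provider and the relying party (an assumption of this example).
ASSOC_KEY = b"constructed-demo-association-secret"
SCHEME = "OpenIDAuth"  # scheme name from the poster; parameter names below are assumed


def parse_challenge(www_authenticate):
    """Parse a challenge such as 'OpenIDAuth realm="rp.example", nonce="n1"'.

    Returns the parameter dict, or None if the scheme is not OpenIDAuth."""
    scheme, _, params = www_authenticate.partition(" ")
    if scheme != SCHEME:
        return None
    out = {}
    for part in params.split(","):
        key, _, value = part.strip().partition("=")
        if key:
            out[key] = value.strip().strip('"')
    return out


def build_authorization(identity, challenge, key):
    """Browser side: sign an assertion bound to the challenged realm and nonce."""
    claims = {"id": identity, "realm": challenge["realm"], "nonce": challenge["nonce"]}
    payload = json.dumps(claims, sort_keys=True).encode()
    sig = hmac.new(key, payload, hashlib.sha256).digest()
    token = b".".join(base64.urlsafe_b64encode(x) for x in (payload, sig))
    return f"{SCHEME} {token.decode()}"


def verify_authorization(authorization, expected_realm, outstanding_nonces, key):
    """Relying-party side: return the identity if the assertion checks out, else None."""
    scheme, _, token = authorization.partition(" ")
    if scheme != SCHEME or "." not in token:
        return None
    try:
        payload_b64, sig_b64 = token.split(".", 1)
        payload = base64.urlsafe_b64decode(payload_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
        claims = json.loads(payload)
    except (ValueError, UnicodeDecodeError):
        return None
    if not isinstance(claims, dict):
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None  # forged or tampered assertion
    if claims.get("realm") != expected_realm:
        return None  # issued for another site: a relayed (phishing) assertion
    nonce = claims.get("nonce")
    if nonce not in outstanding_nonces:
        return None  # unknown or already-consumed nonce: replay
    outstanding_nonces.discard(nonce)  # each challenge is answered once
    return claims.get("id")


def demo():
    """Run four scenarios; returns (honest, replay, wrong_realm, tampered)."""
    rp_realm = "rp.example"
    nonces = {"n1"}  # nonces the relying party has issued and not yet seen answered
    challenge = parse_challenge(f'{SCHEME} realm="{rp_realm}", nonce="n1"')
    authz = build_authorization("alice@example.com", challenge, ASSOC_KEY)

    honest = verify_authorization(authz, rp_realm, nonces, ASSOC_KEY)
    replay = verify_authorization(authz, rp_realm, nonces, ASSOC_KEY)

    # A look-alike site obtains a fresh nonce and presents the user's assertion
    # to the real relying party; the realm inside the signed claims gives it away.
    nonces.add("n2")
    phish_challenge = parse_challenge(f'{SCHEME} realm="rp-login.example", nonce="n2"')
    phish_authz = build_authorization("alice@example.com", phish_challenge, ASSOC_KEY)
    wrong_realm = verify_authorization(phish_authz, rp_realm, nonces, ASSOC_KEY)

    # Claims rewritten to another identity while keeping the original signature.
    nonces.add("n3")
    good = build_authorization(
        "alice@example.com", parse_challenge(f'{SCHEME} realm="{rp_realm}", nonce="n3"'), ASSOC_KEY
    )
    _, sig_b64 = good.split(" ", 1)[1].split(".", 1)
    forged_claims = {"id": "mallory@example.com", "realm": rp_realm, "nonce": "n3"}
    forged_payload = base64.urlsafe_b64encode(json.dumps(forged_claims, sort_keys=True).encode()).decode()
    tampered = verify_authorization(f"{SCHEME} {forged_payload}.{sig_b64}", rp_realm, nonces, ASSOC_KEY)
    return honest, replay, wrong_realm, tampered


if __name__ == "__main__":
    print(demo())  # ('alice@example.com', None, None, None)
```

Only the first scenario yields an identity; the replayed, relayed and rewritten assertions are all rejected before the relying party looks at the claimed user. A real deployment would also bound the lifetime of outstanding nonces and use the association or signing-key mechanism of the actual protocol rather than a fixed shared key.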

Published in: San-Tsai Sun and Konstantin Beznosov. Poster: OpenIDemail Enabled Browser. In the poster session of the 25th Annual Computer Security Applications Conference (ACSAC), December 2009.

