000000244 001__ 244
000000244 005__ 20130522141941.0
000000244 037__ $$aLERSSE-RefConfPaper-2010-006
000000244 100__ $$aSan-Tsai Sun
000000244 245__ $$aA Billion Keys, but Few Locks: The Crisis of Web Single Sign-On
000000244 260__ $$c2010-07-19
000000244 300__ $$a11
000000244 500__ $$a
000000244 520__ $$aOpenID and InfoCard are two mainstream Web single sign-on (SSO) solutions intended for Internet-scale adoption. While they are technically sound, the business model of these solutions does not provide content-hosting and service providers (CSPs) with sufficient incentives to become relying parties (RPs). In addition, the pressure from users and identity providers (IdPs) is not strong enough to drive CSPs toward adopting Web SSO. As a result, there are currently over one billion OpenID-enabled user accounts provided by major CSPs, but only a few relying parties. In this paper, we discuss the problem of Web SSO adoption for RPs and argue that solutions in this space must offer RPs sufficient business incentives and trustworthy identity services in order to succeed. We suggest future Web SSO development should investigate RPs' business needs, identify IdP business models, and build trust frameworks. Moreover, we propose that Web SSO technology should shift from its current shared-identity paradigm to a true Web single sign-on and sign-out experience in order to function as a platform to motivate RPs' adoption.
000000244 6531_ $$aWeb Single Sign-On
000000244 6531_ $$aWeb Identity Management
000000244 6531_ $$aAuthentication
000000244 6531_ $$aOpenID
000000244 6531_ $$aInfoCard
000000244 6531_ $$aissnet
000000244 700__ $$aYazan Boshmaf
000000244 700__ $$aKirstie Hawkey
000000244 700__ $$aKonstantin Beznosov
000000244 8560_ $$fsantsais@ece.ubc.ca
000000244 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/244/files/244.pdf$$yTransfer from CDS 0.99.7
000000244 909C4 $$pSan-Tsai Sun, Yazan Boshmaf, Kirstie Hawkey, and Konstantin Beznosov. A Billion Keys, but Few Locks: The Crisis of Web Single Sign-On. In Proceedings of the New Security Paradigms Workshop (NSPW), September 20-22, 2010.
000000244 980__ $$aRefConfPaper