San-Tsai Sun ; Konstantin Beznosov

28 February 2011

Abstract: The web is essential for business and personal activities well beyond information retrieval, such online banking, financial transactions, and payment authorization, but reliable user authentication remains a challenge. OpenID is a mainstream Web single sign-on (SSO) solution intended for Internet-scale adoption. There are currently over one billion OpenID-enabled user accounts provided by major content-hosting and service providers (CSPs), e.g., Yahoo!, Google, Facebook, but only a few relying parties that allow users to use their OpenID credentials for SSO. Why is that? This talk will overview OpenID, and then discuss weaknesses of (1) the protocol and its implementations, (2) the business model behind it, and (3) the user interface. It will conclude with a discussion of a proposal for addressing some of OpenID issues.

Keyword(s): OpenID, Web Single Sign-On, issnet

Published in: San-Tsai Sun and Konstantin Beznosov, "Is OpenID too Open? Technical, Business, and Human Issues That Get in the Way of OpenID and Ways of Addressing Them," presented at Eurecom, February 24, 2011. 57 pages.: