Investigating Users' Perspectives of Web Single Sign-On: Conceptual Gaps and Acceptance Model

San-Tsai Sun ; Eric Pospisil ; Ildar Muslukhov ; Nuray Dindar ; Kirstie Hawkey ; Konstantin Beznosov

04 June 2013

Abstract: OpenID and OAuth are open and simple web single sign-on (SSO) protocols that have been adopted by major service providers, and millions of supporting websites. However, the average user's perception of web SSO is still poorly understood. Through several user studies, this work investigates users' perceptions and concerns when using web SSO for authentication. We found several misconceptions and concerns that hinder our participants' adoption intentions, from their inadequate mental models of web SSO, to their concerns of personal data exposure, and a reduction in their perceived web SSO value due to the employment of password management practices. Informed by our findings, we offer a web SSO technology acceptance model, and suggest design improvements.

Keyword(s): issnet ; Web Single Sign-On ; OpenID ; OAuth ; Usable Security

Published in: San-Tsai Sun, Eric Pospisil, Ildar Muslukhov, Nuray Dindar, Kirstie Hawkey, and Konstantin Beznosov. Investigating users' perspectives of web single sign-on: Conceptual gaps and acceptance model. Accepted for publication in ACM Transactions on Internet Technology (TOIT) on June 4th, 2013.

