1.
|
Towards Improving the Usability and Security of Web Single Sign-On Systems
/ San-Tsai Sun
[LERSSE-THESIS-2013-001]
OpenID and OAuth are open and lightweight web single sign-on (SSO) protocols that have been adopted by high-profile identity providers (IdPs), such as Facebook, Google, Microsoft, and Yahoo, and millions of relying party (RP) websites. [...]
Published in San-Tsai Sun, "Towards Improving the Usability and Security of Web Single Sign-On Systems," PhD dissertation, Department of Electrical and Computer Engineering, THE UNIVERSITY OF BRITISH COLUMBIA, November, 2013, pp.216:
Fulltext: PDF PDF (PDFA);
|
2.
|
Investigating Users' Perspectives of Web Single Sign-On: Conceptual Gaps and Acceptance Model
/ San-Tsai Sun ; Eric Pospisil ; Ildar Muslukhov ; Nuray Dindar ; et al
[LERSSE-RefJnlPaper-2013-001]
OpenID and OAuth are open and simple web single sign-on (SSO) protocols that have been adopted by major service providers, and millions of supporting websites. [...]
Published in San-Tsai Sun, Eric Pospisil, Ildar Muslukhov, Nuray Dindar, Kirstie Hawkey, and Konstantin Beznosov. Investigating users' perspectives of web single sign-on: Conceptual gaps and acceptance model. Accepted for publication in ACM Transactions on Internet Technology (TOIT) on June 4th, 2013.:
Fulltext: PDF PDF (PDFA);
|
3.
|
Systematically breaking and fixing OpenID security: Formal analysis, semi-automated empirical evaluation, and practical countermeasures
/ San-Tsai Sun ; Kirstie Hawkey ; Konstantin Beznosov
[LERSSE-RefJnlPaper-2012-001]
OpenID 2.0 is a user-centric Web single sign-on protocol with over one billion OpenID-enabled user accounts, and tens of thousands of supporting websites. [...]
Published in San-Tsai Sun, Kirstie Hawkey, and Konstantin Beznosov. Systematically breaking and fixing OpenID security: Formal analysis, semi-automated empirical evaluation, and practical countermeasures. Computers & Security, Accepted 7 February 2012.:
Transfer from CDS 0.99.7: PDF;
|
4.
|
What Makes Users Refuse Web Single Sign-On? An Empirical Investigation of OpenID
/ San-Tsai Sun ; Eric Pospisil ; Ildar Muslukhov ; Nuray Dindar ; et al
[LERSSE-RefConfPaper-2011-004]
OpenID is an open and promising Web single sign-on (SSO) solution. [...]
Published in San-Tsai Sun, Eric Pospisil, Ildar Muslukhov, Nuray Dindar, Kirstie Hawkey, and Konstantin Beznosov. What makes users refuse web single sign-on? an empirical investigation of OpenID. In Proceedings of Symposium on Usable Privacy and Security, July 2011.:
Transfer from CDS 0.99.7: PDF;
|
5.
|
OpenID-Enabled Browser: Towards Usable and Secure Web Single Sign-On
/ San-Tsai Sun ; Eric Pospisil ; Ildar Muslukhov ; Nuray Dindar ; et al
[LERSSE-RefConfPaper-2011-001]
OpenID is an open and promising Web single sign-on solution; however, the interaction flows provided by OpenID are inconsistent and counter-intuitive, and vulnerable to phishing attacks. [...]
Published in San-Tsai Sun, Eric Pospisil, Ildar Muslukhov, Nuray Dindar, Kirstie Hawkey, Konstantin Beznosov. OpenID-Enabled Browser: Towards Usable and Secure Web Single Sign-On. In Proceedings of the 29th International Conference Extended abstracts on Human Factors in Computing Systems (CHI '11), Vancouver, Canada, 2011.:
Transfer from CDS 0.99.7: PDF;
|
6.
|
OpenID Security Analysis and Evaluation
/ San-Tsai Sun ; Konstantin Beznosov
[LERSSE-PRESENTATION-2010-002]
OpenID is a promising user-centric Web single sign-on protocol. [...]
Published in San-Tsai Sun and Konstantin Beznosov, "OpenID Security Analysis and Evaluation," presented at the OWASP Chapter Meeting, Vancouver, Canada, October 21th 2010:
Transfer from CDS 0.99.7: PDF;
|
7.
|
OpenIDemail Enabled Browser: Towards Fixing the Broken Web Single Sign-On Triangle
/ San-Tsai Sun ; Kirstie Hawkey ; Konstantin Beznosov
[LERSSE-RefConfPaper-2010-007]
Current Web single sign-on (SSO) solutions impose a cognitive burden on web users and do not provide content-hosting and service providers (CSPs) with sufficient incentives to become relying parties (RPs). [...]
Published in San-Tsai Sun, Kirstie Hawkey, and Konstantin Beznosov. OpenIDemail Enabled Browser: Towards Fixing the Broken Web Single Sign-On Triangle. In Proceedings of the Sixth ACM Workshop on Digital Identity Management (DIM), October 8 2010.:
Transfer from CDS 0.99.7: PDF;
|
8.
|
A Billion Keys, but Few Locks: The Crisis of Web Single Sign-On
/ San-Tsai Sun ; Yazan Boshmaf ; Kirstie Hawkey ; Konstantin Beznosov
[LERSSE-RefConfPaper-2010-006]
OpenID and InfoCard are two mainstream Web single sign-on (SSO) solutions intended for Internet-scale adoption. [...]
Published in San-Tsai Sun, Yazan Boshmaf, Kirstie Hawkey, and Konstantin Beznosov. A Billion Keys, but Few Locks: The Crisis of Web Single Sign-On. In Proceedings of the New Security Paradigms Workshop (NSPW), September 20-22, 2010. :
Transfer from CDS 0.99.7: PDF;
|