TY - GEN
T1 - A billion keys, but few locks
T2 - New Security Paradigms Workshop, NSPW 2010
AU - Sun, San Tsai
AU - Boshmaf, Yazan
AU - Hawkey, Kirstie
AU - Beznosov, Konstantin
PY - 2010
Y1 - 2010
N2 - OpenID and InfoCard are two mainstream Web single sign-on (SSO) solutions intended for Internet-scale adoption. While they are technically sound, the business model of these solutions does not provide content-hosting and service providers (CSPs) with sufficient incentives to become relying parties (RPs). In addition, the pressure from users and identity providers (IdPs) is not strong enough to drive CSPs toward adopting Web SSO. As a result, there are currently over one billion OpenID-enabled user accounts provided by major CSPs, but only a few relying parties. In this paper, we discuss the problem of Web SSO adoption for RPs and argue that solutions in this space must offer RPs sufficient business incentives and trustworthy identity services in order to succeed. We suggest future Web SSO development should investigate and fulfill RPs' business needs, identify IdP business models, and build trust frameworks. Moreover, we propose that Web SSO technology should build identity support into browsers in order to facilitate RPs' adoption.
AB - OpenID and InfoCard are two mainstream Web single sign-on (SSO) solutions intended for Internet-scale adoption. While they are technically sound, the business model of these solutions does not provide content-hosting and service providers (CSPs) with sufficient incentives to become relying parties (RPs). In addition, the pressure from users and identity providers (IdPs) is not strong enough to drive CSPs toward adopting Web SSO. As a result, there are currently over one billion OpenID-enabled user accounts provided by major CSPs, but only a few relying parties. In this paper, we discuss the problem of Web SSO adoption for RPs and argue that solutions in this space must offer RPs sufficient business incentives and trustworthy identity services in order to succeed. We suggest future Web SSO development should investigate and fulfill RPs' business needs, identify IdP business models, and build trust frameworks. Moreover, we propose that Web SSO technology should build identity support into browsers in order to facilitate RPs' adoption.
KW - authentication
KW - infocard
KW - openid
KW - web identity management
KW - web single sign-on
UR - http://www.scopus.com/inward/record.url?scp=78751558943&partnerID=8YFLogxK
U2 - 10.1145/1900546.1900556
DO - 10.1145/1900546.1900556
M3 - Conference contribution
AN - SCOPUS:78751558943
SN - 9781450304153
T3 - Proceedings New Security Paradigms Workshop
SP - 61
EP - 71
BT - Proceedings - New Security Paradigms Workshop 2010, NSPW 2010
Y2 - 21 September 2010 through 23 September 2010
ER -