OpenID and InfoCard are two mainstream Web single sign-on (SSO) solutions intended for Internet-scale adoption. While they are technically sound, the business model of these solutions does not provide content-hosting and service providers (CSPs) with sufficient incentives to become relying parties (RPs). In addition, the pressure from users and identity providers (IdPs) is not strong enough to drive CSPs toward adopting Web SSO. As a result, there are currently over one billion OpenID-enabled user accounts provided by major CSPs, but only a few relying parties. In this paper, we discuss the problem of Web SSO adoption for RPs and argue that solutions in this space must offer RPs sufficient business incentives and trustworthy identity services in order to succeed. We suggest future Web SSO development should investigate and fulfill RPs' business needs, identify IdP business models, and build trust frameworks. Moreover, we propose that Web SSO technology should build identity support into browsers in order to facilitate RPs' adoption.