Enhancing OpenID through a reputation framework

  • Authors:
  • Félix Gómez Mármol;Marcus Quintino Kuhnen;Gregorio Martínez Pérez

  • Affiliations:
  • NEC Laboratories Europe, Heidelberg, Germany;NEC Laboratories Europe, Heidelberg, Germany;Departamento de Ingeniería de la Información y las Comunicaciones, University of Murcia, Murcia, Spain

  • Venue:
  • ATC'11 Proceedings of the 8th international conference on Autonomic and trusted computing
  • Year:
  • 2011

Quantified Score

Hi-index 0.00

Visualization

Abstract

OpenID is an open standard providing a decentralised authentication mechanism to end users. It is based on a unique URL (Uniform Resource Locator) or XRI (Extensible Resource Identifier) as identifier of the user. This fact of using a single identifier confers this approach an interesting added-value when users want to get access to different services in the Internet, since users do not need to create a new account on every website they are visiting. However, OpenID providers are usually also being used as a point to store certain personal attributes of the end users, which might be of interest for any service provider willing to make profit from collecting that personal information. The definition of a reputation management solution integrated as part of the OpenID protocol can help users to determine whether certain service provider is more or less reliable before interacting with it and transferring their private information. This paper is providing the definition of a reputation framework that can be applied to the OpenID SSO (Single Sign-On) standard solution. It also defines how the protocol itself can be enhanced so OpenID providers can collect (and provide) recommendations from (to) users regarding different service providers and thus enhancing the users' experience when using OpenID.