What Makes Users Refuse Web Single Sign-On? An Empirical Investigation of OpenID
Daniel Smith


Summary
- Explores why users choose not to use single sign-on
- Proposes and prototypes an identity-enabled web browser

Appreciative comment
- Identification of users' incorrect mental model or understanding of SSO
- Important for identity providers as well as services that allow SSO
- “most (71%) held the incorrect belief that the OpenID credentials are being given to the content providers”
- “Many (69%) of our participants entered their IdP and password into the traditional login form directly or believed that the website must be integrated with the IdPs in some way...”
- “users' security misconceptions negatively impact their adoption intention”

Critical comment: That browsers should provide SSO support
Motivation
- What is the motivation for browser developers?
- Websites still need to have SSO
- “websites do not want to change their authentication procedures until a critical mass of users have adopted Web SSO, and users have little incentive to employ the technology unless many of their websites are supported”
- “As the browser is the central piece that communicates with all actors in the identity ecosystem, it can potentially provide driving forces for RPs to adopt SSO if it is directly augmented with identity support”

Critical comment: That browsers should provide SSO support
Implementation
- Is browser-based support even possible without cooperation from the websites?
- “Thus, we decided to employ a Wizard of Oz approach to make it appear to participants that the websites used in the studies have adopted our new approach.”
- “In order to build OpenID support directly into the browser, we could have adopted the OpenID protocol extensions proposed by Sun et al... … However, as the websites in our study had not yet adopted the protocol extensions…”

Is there any motivation for browsers to provide SSO support?