A billion keys, but few locks

San-Tsai Sun, Yazan Boshmaf, Kirstie Hawkey, Konstantin Beznosov
2010 Proceedings of the 2010 workshop on New security paradigms - NSPW '10  
OpenID and InfoCard are two mainstream Web single sign-on (SSO) solutions intended for Internet-scale adoption. While they are technically sound, the business model of these solutions does not provide content-hosting and service providers (CSPs) with sufficient incentives to become relying parties (RPs). In addition, the pressure from users and identity providers (IdPs) is not strong enough to drive CSPs toward adopting Web SSO. As a result, there are currently over one billion OpenID-enabled user accounts provided by major CSPs, but only a few relying parties. In this paper, we discuss the problem of Web SSO adoption for RPs and argue that solutions in this space must offer RPs sufficient business incentives and trustworthy identity services in order to succeed. We suggest future Web SSO development should investigate and fulfill RPs' business needs, identify IdP business models, and build trust frameworks. Moreover, we propose that Web SSO technology should build identity support into browsers in order to facilitate RPs' adoption.
doi:10.1145/1900546.1900556 dblp:conf/nspw/SunBHB10 fatcat:sjqbjtmypnemhk55sppo4zgoe4