60 likes | 154 Vues
What Makes Users Refuse Web Single Sign-On? An Empirical Investigation of OpenID. Daniel Smith. Summary. Explores why users choose not to use single sign-on Proposes and prototypes an identity enabled web browser. A ppreciative comment.
E N D
What Makes Users Refuse Web Single Sign-On? An Empirical Investigation of OpenID Daniel Smith
Summary • Explores why users choose not to use single sign-on • Proposes and prototypes an identity enabled web browser
Appreciative comment • Identification bad users’ incorrect mental model or understanding of SSO • Important for identification providers as well as services that allow SSO “most (71%) held the incorrect belief that the OpenID credentials are being given to the content providers” “Many (69%) of our participants entered their IdP email and password into the traditional login form directly... ... or believed that the website must be integrated with the IdPs in some way... “ “users' security misconceptions negatively impact their adoption intention”
Critical commentThat browsers should provide SSO support • Motivation • What is the motivation for browser developers? • Websites still need to have SSO “websites do not want to change their authentication procedures until a critical mass of users have adopted Web SSO, and users have little incentive to employ the technology unless many of their websites are supported” “As the browser is the central piece that communicates with all actors in the identity ecosystem, it can potentially provide driving forces for RPs to adopt SSO if it is directly augmented with identity support”
Critical commentThat browsers should provide SSO support • Implementation • Is browser based support even possible without cooperation from the websites? “In order to build OpenID support directly into the browser, we could have adopted the OPenID protocol extensions proposed by Sun et al... … However, as the websites in our study had not yet adopted the protocol extensions…” “Thus, we decided to employ a Wizard of Oz approach to make it appear to participants that the websites used in the studies have adopted our new approach.”
Is there any motivation for browsers to provide SSO support?