1 / 6

What Makes Users Refuse Web Single Sign-On? An Empirical Investigation of OpenID

What Makes Users Refuse Web Single Sign-On? An Empirical Investigation of OpenID. Daniel Smith. Summary. Explores why users choose not to use single sign-on Proposes and prototypes an identity enabled web browser. A ppreciative comment.

leanne
Download Presentation

What Makes Users Refuse Web Single Sign-On? An Empirical Investigation of OpenID

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. What Makes Users Refuse Web Single Sign-On? An Empirical Investigation of OpenID Daniel Smith

  2. Summary • Explores why users choose not to use single sign-on • Proposes and prototypes an identity enabled web browser

  3. Appreciative comment • Identification bad users’ incorrect mental model or understanding of SSO • Important for identification providers as well as services that allow SSO “most (71%) held the incorrect belief that the OpenID credentials are being given to the content providers” “Many (69%) of our participants entered their IdP email and password into the traditional login form directly... ... or believed that the website must be integrated with the IdPs in some way... “ “users' security misconceptions negatively impact their adoption intention”

  4. Critical commentThat browsers should provide SSO support • Motivation • What is the motivation for browser developers? • Websites still need to have SSO “websites do not want to change their authentication procedures until a critical mass of users have adopted Web SSO, and users have little incentive to employ the technology unless many of their websites are supported” “As the browser is the central piece that communicates with all actors in the identity ecosystem, it can potentially provide driving forces for RPs to adopt SSO if it is directly augmented with identity support”

  5. Critical commentThat browsers should provide SSO support • Implementation • Is browser based support even possible without cooperation from the websites? “In order to build OpenID support directly into the browser, we could have adopted the OPenID protocol extensions proposed by Sun et al... … However, as the websites in our study had not yet adopted the protocol extensions…” “Thus, we decided to employ a Wizard of Oz approach to make it appear to participants that the websites used in the studies have adopted our new approach.”

  6. Is there any motivation for browsers to provide SSO support?

More Related