Comparative Analysis and Framework Evaluating Web Single Sign-On Systems
This work addresses the need for systematic evaluation of SSO systems for users, service providers, and identity providers, but it is incremental as it builds on existing schemes without introducing new methods.
The paper tackled the problem of evaluating web single sign-on (SSO) systems by analyzing 14 schemes to develop a taxonomy and framework, identifying 14 benefits across security, usability, deployability, and privacy without providing concrete numerical results.
We perform a comprehensive analysis and comparison of 14 web single sign-on (SSO) systems proposed and/or deployed over the last decade, including federated identity and credential/password management schemes. We identify common design properties and use them to develop a taxonomy for SSO schemes, highlighting the associated trade-offs in benefits (positive attributes) offered. We develop a framework to evaluate the schemes, in which we identify 14 security, usability, deployability, and privacy benefits. We also discuss how differences in priorities between users, service providers (SPs), and identity providers (IdPs) impact the design and deployment of SSO schemes.