Comparative Analysis and Framework Evaluating Web Single Sign-On Systems
We perform a comprehensive analysis and comparison of 14 web single sign-on (SSO) systems proposed and/or deployed within the last decade, including both federated identity and credential/password management schemes. We identify common design properties and use them to develop a taxonomy for SSO schemes, highlighting the associated trade-offs in benefits offered. We develop a framework to evaluate the schemes, in which we identify 14 security, usability, deployability, and privacy benefits. We also discuss how differences in priorities between users, service providers (SPs), and identity providers (IdPs) impact the design and deployment of SSO schemes.