Comparative Analysis and Framework Evaluating Web Single Sign-On Systems
Furkan Alaca, Paul C. van Oorschot

TL;DR
This paper provides a comprehensive comparison and evaluation framework for 14 web SSO systems, analyzing their design trade-offs, benefits, and the influence of stakeholder priorities.
Contribution
It introduces a taxonomy and a multi-criteria framework for evaluating SSO schemes, highlighting their benefits and design trade-offs.
Findings
Identified common design properties of SSO systems
Developed a taxonomy categorizing SSO schemes
Created a framework evaluating security, usability, deployability, and privacy
Abstract
We perform a comprehensive analysis and comparison of 14 web single sign-on (SSO) systems proposed and/or deployed over the last decade, including federated identity and credential/password management schemes. We identify common design properties and use them to develop a taxonomy for SSO schemes, highlighting the associated trade-offs in benefits (positive attributes) offered. We develop a framework to evaluate the schemes, in which we identify 14 security, usability, deployability, and privacy benefits. We also discuss how differences in priorities between users, service providers (SPs), and identity providers (IdPs) impact the design and deployment of SSO schemes.
