Can We Fix the Security Economics of Federated Authentication?
There has been much academic discussion of federated authentication, and quite some political manoeuvring about ‘e-ID’. The grand vision, which has been around for years in various forms but was recently articulated in the US National Strategy for Trustworthy Identities in Cyberspace (NSTIC), is that a single logon should work everywhere [1]. You should be able to use your identity provider of choice to log on anywhere; so you might use your driver's license to log on to Gmail, or use your Facebook logon to file your tax return. More restricted versions include the vision of governments of places like Estonia and Germany (and until May 2010 the UK) that a government-issued identity card should serve as a universal logon. Yet few systems have been fielded at any scale.
[1] Kirstie Hawkey, et al. A billion keys, but few locks: the crisis of web single sign-on, 2010, NSPW '10.
[2] Dale A. Stirling, et al. Information rules, 2003, SGMD.
[3] Christopher Soghoian, et al. Caught in the Cloud: Privacy, Encryption, and Government Back Doors in the Web 2.0 Era, 2009, J. Telecommun. High Technol. Law.
[4] Steven J. Murdoch, et al. Verified by Visa and MasterCard SecureCode: Or, How Not to Design Authentication, 2010, Financial Cryptography.