Archives by date


Single Sign On on the Web: What’s broken and What can be fixed?

With Ph.D. student San-Tsai Sun, we have been investigating single sign-on for the Web. We have been looking at the usability, business, and technical aspects of web single sign-on (SSO) solutions. He has analyzed the OpenID protocol and 200 OpenID-enabled websites and found, among other things, that 50% of OpenID-enabled websites are vulnerable to cross-site request forgery (CSRF) attacks, […]