Can We Fix the Security Economics of Federated Authentication?
There has been much academic discussion of federated authentication, and quite some political manoeuvring about ‘e-ID’. The grand vision, which has been around for years in various forms but was recently articulated in the US National Strategy for Trustworthy Identities in Cyberspace (NSTIC), is that a single logon should work everywhere. You should be able to use your identity provider of choice to log on anywhere; so you might use your driver’s license to log on to Gmail, or use your Facebook logon to file your tax return. More restricted versions include the vision of governments of places like Estonia and Germany (and until May 2010 the UK) that a government-issued identity card should serve as a universal logon. Yet few systems have been fielded at any scale.
Keywords: Credit Card, Call Centre, Payment Card, Secure Element, Debit Card