Can We Fix the Security Economics of Federated Authentication?

  • Ross Anderson
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7114)


There has been much academic discussion of federated authentication, and quite some political manoeuvring about ‘e-ID’. The grand vision, which has been around for years in various forms but was recently articulated in the US National Strategy for Trustworthy Identities in Cyberspace (NSTIC), is that a single logon should work everywhere [1]. You should be able to use your identity provider of choice to log on anywhere; so you might use your driver’s license to log on to Gmail, or use your Facebook logon to file your tax return. More restricted versions include the vision of governments of places like Estonia and Germany (and until May 2010 the UK) that a government-issued identity card should serve as a universal logon. Yet few systems have been fielded at any scale.


Credit Card Call Centre Payment Card Secure Element Debit Card 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    National Strategy for Trusted Identities in Cyberspace,
  2. 2.
    Soghoian, C.: Caught in the Cloud: Privacy, Encryption, and Government Back Doors in the Web 2.0 Era. 8 J. on Telecomm. and High Tech. L. 359,
  3. 3.
  4. 4.
    Anderson, R., Murdoch, S.: Verified by Visa and MasterCard SecureCode—or, How Not to Design Authentication. Financial Cryptography (2010),
  5. 5.
    Sun, S.-T., Boshmaf, Y., Hawkey, K., Beznosov, K.: A Billion Keys, but Few Locks: The Crisis of Web Single Sign-On. LERSSE-RefConfPaper-2010-006,
  6. 6.
    Hudson, A.: Are Call Centres the Factories of the 21st Century? BBC News (March 10, 2011),
  7. 7.
    Shapiro, C., Varian, H.: Information Rules. Harvard Business School Press (1998)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Ross Anderson
    • 1
  1. 1.Computer LaboratoryUniversity of CambridgeCambridgeUK

Personalised recommendations