Is OpenID too Open? Technical, Business, and Human Issues That Get in the Way of OpenID and Ways of Addressing Them

The web is essential for business and personal activities well beyond information retrieval, such as online banking, financial transactions, and payment authorization, but reliable user authentication remains a challenge. OpenID is a mainstream Web single sign-on (SSO) solution intended for Internet-scale adoption. There are currently over one billion OpenID-enabled user accounts provided by major content-hosting and service providers (CSPs), e.g., Yahoo!, Google, Facebook, but only a few relying parties that allow users to use their OpenID credentials for SSO. Why is that? I presented at Eurecom an overview of OpenID, and then discussed weaknesses of (1) the protocol and its implementations, (2) the business model behind it, and (3) the user interface. The talk concluded with a discussion of a proposal for addressing some of OpenID's issues.

See presentation slides for more details.

CHI Work in Progress to Feature LERSSE Research

This year, in Vancouver, the Work-in-Progress Posters session of the SIGCHI Conference will feature three research projects by my graduate students.


Undergrad Security Course Features Cool Projects

Students in my undergraduate computer security course have done several excellent projects. You can watch video clips of the projects or read the reports.


Lessons learned from studying users’ mental models of security

Over the course of the past three years at LERSSE, we have done several studies that helped us further the understanding of users’ mental models when it comes to security.

Single Sign On on the Web: What’s broken and What can be fixed?

With Ph.D. student San-Tsai Sun, we have been investigating single sign-on for the Web.

Understanding Wants and Needs of Personal Firewall Users

I’ve presented the results of a user study by my graduate student Fahimeh Raja at SafeConfig. She conducted semi-structured interviews with a diverse set of participants to gain an understanding of their knowledge, requirements, perceptions, and misconceptions of personal firewalls. There are several interesting findings.

SOUPS Features LERSSE Research

LERSSE graduate students presented their research at the Symposium on Usable Privacy and Security (SOUPS). Here is a summary of the presented research: