Be the first to like this
OpenID is a widely used single sign-on standard that allows users to access different services using the same authentication. However, its usage poses a number of issues regarding privacy and security.
This paper evaluates the OpenID standard and introduces three mobile strategies, two of which are validated using a prototype implementation. Significant privacy and trust improvements are attained through the use of an identity management architecture that leverages the properties of a tamperproof module. Furthermore, our approach makes OpenID more suitable for omnipresent mobile use. We remain interoperable with the OpenID standard and no modifications to the mobile platform are required.