Poster: OpenIDemail Enabled Browser

Today's Web is site-centric. Web users have to maintain a separate copy of user ID and password for each website, which leads to weaker passwords and password re-use across accounts. Currently, single-domain SSO is not scalable to the Web and federated SSO requires pre-built agreements and trust relationships between identity and service providers. OpenID is promising, but it has usability issues of URI-based identifier scheme and is vulnerable to phishing attacks. In this poster, we describe the architecture, design, and implementation of a proposed system for usable and secure Web single sign-on. Our approach builds OpenID support into web browsers, hides OpenID identifiers from users with their existing email accounts, extends the OpenID protocol to perform authentication directly by browsers, and introduces an OpenIDAuth HTTP access authentication scheme to convey authenticated identities automatically into websites that support OpenID for authentication.