Longitudinal Analysis of the Third-party Authentication Landscape
2016 (English) Conference paper (Refereed)
Many modern websites offer single sign-on (SSO) services, which allow the user to use an existing account with a third-party website such as Facebook to authenticate. When using SSO the user must approve an app-rights agreement that specifies what data related to the user can be shared between the two websites and any actions (e.g., posting comments) that the origin website is allowed to perform on behalf of the user on the third-party provider (e.g., Facebook). Both cross-site data sharing and actions performed on behalf of the user can have significant privacy implications. In this paper we present a longitudinal study of the third-party authentication landscape, its structure, and the protocol usage, data sharing, and actions associated with individual third-party relationships. The study captures the current state, changes in the structure, protocol usage, and information leakage risks.
Place, publisher, year, edition, pages
Internet Society, 2016.
Identifiers: URN: urn:nbn:se:liu:diva-127301; DOI: 10.14722/ueop.2016.23008; ISBN: 1-891562-44-4; OAI: oai:DiVA.org:liu-127301; DiVA: diva2:921166
NDSS Workshop on Understanding and Enhancing Online Privacy Workshop (UEOP@NDSS). 21-24 February 2016, Catamaran Resort Hotel & Spa in San Diego, California