Abstract
The ability to delegate privileges to others is so important to users of online identity systems that users create ad hoc delegation systems by sharing authentication credentials if no other easy delegation mechanism is available. With the rise of internet-scale relationship-based single sign-on protocols like OpenID, the security risks of password sharing are unacceptable. We therefore propose SimpleAuth, a simple modification to relationship-based authentication protocols that gives users a secure way to selectively delegate subsets of their privileges, making identity systems more flexible and increasing user security. We also present a proof-of-concept implementation of the SimpleAuth pattern using the sSRP authentication protocol to demonstrate the generality of our technique.
Degree
MS
College and Department
Physical and Mathematical Sciences; Computer Science
Rights
http://lib.byu.edu/about/copyright/
BYU ScholarsArchive Citation
Cutler, Bryant Gordon, "Simple, Secure, Selective Delegation in Online Identity Systems" (2008). Theses and Dissertations. 1474.
https://scholarsarchive.byu.edu/etd/1474
Date Submitted
2008-07-14
Document Type
Thesis
Handle
http://hdl.lib.byu.edu/1877/etd2515
Keywords
identity, security, delegation, SimpleAuth, SimplePermissions, OpenID, OAuth, identity systems, internet, online, authentication, selective delegation
Language
English