Abstract

The ability to delegate privileges to others is so important to users of online identity systems that users create ad hoc delegation systems by sharing authentication credentials if no other easy delegation mechanism is available. With the rise of internet-scale relationship-based single sign-on protocols like OpenID, the security risks of password sharing are unacceptable. We therefore propose SimpleAuth, a simple modification to relationship-based authentication protocols that gives users a secure way to selectively delegate subsets of their privileges, making identity systems more flexible and increasing user security. We also present a proof-of-concept implementation of the SimpleAuth pattern using the sSRP authentication protocol to demonstrate the generality of our technique.

Degree

MS

College and Department

Physical and Mathematical Sciences; Computer Science

Rights

http://lib.byu.edu/about/copyright/

Date Submitted

2008-07-14

Document Type

Thesis

Handle

http://hdl.lib.byu.edu/1877/etd2515

Keywords

identity, security, delegation, SimpleAuth, SimplePermissions, OpenID, OAuth, identity systems, internet, online, authentication, selective delegation

Share

COinS