The ability to delegate privileges to others is so important to users of online identity systems that users create ad hoc delegation systems by sharing authentication credentials if no other easy delegation mechanism is available. With the rise of internet-scale relationship-based single sign-on protocols like OpenID, the security risks of password sharing are unacceptable. We therefore propose SimpleAuth, a simple modification to relationship-based authentication protocols that gives users a secure way to selectively delegate subsets of their privileges, making identity systems more flexible and increasing user security. We also present a proof-of-concept implementation of the SimpleAuth pattern using the sSRP authentication protocol to demonstrate the generality of our technique.
College and Department
Physical and Mathematical Sciences; Computer Science
BYU ScholarsArchive Citation
Cutler, Bryant Gordon, "Simple, Secure, Selective Delegation in Online Identify Systems" (2008). Theses and Dissertations. 1474.
identity, security, delegation, SimpleAuth, SimplePermissions, OpenID, OAuth, identity systems, internet, online, authentication, selective delegation