sso project presentation

7/28/2019 SSO Project Presentation

1/19

Centralizing the DecentralThe Value Implications O

Single Sign-on ServicesKartik Rishi Teresa Lam Augustus Yuan Scott Kuehnert


2/19

Agenda

SSO ProvidersWe provide an analysis of three large SSO services on how they treat users and

SSO Users

An in-depth look on the prevalence of SSO as a service through an empirical in

SSO IntegratorsA quick look at the utilization of SSO systems by existing services

Introduction & Stakeholders

Understand the premise behind why we conducted our study and a glimpse in the direct/indirect stakeholders interact with Single Sign-On services.

Best Practices & ConclusionBy synthesizing the work that weve done, we have some methods that users castay safe and secure online.


3/19

intro

Internet is Growing

Everyone knows this, its huge.

Self-IdentityOur constant interactions online establish our personal identity onli

Growing ServicesThe amount of businesses/services online for users is growing expone

Points of AuthorityA growing trend where services act to authenticate you as a unique ind


4/19

Stakeholders

Direct Stakeholders Indirect Stakeholde

SSO Users

SSO IntegratorsEx. Groupon, LivingSocial

SSO ProvidersEx. Facebook, Google, OpenID

Government

Data Aggregation Ser

Marketing Agencie


5/19

SSO Integrators

Stack Exchange A collection of sites focusing on Questions & Answers service

Focuses on convenience of the userAllows access to 90+ sites with one accountManage accounts easier and provide profiles for career employe

Social Deals A type of service that uses social media to target niche markets w

Focuses on the personalization of the userSpecifically target ads/deals based on user interests

Wolfram-Alpha Computational engine used to understand Big Data through

Focuses on making data accessible to the userDevelops algorithms to improve site services based on user entri


6/19

SS

Methods & DemographicsWe utilized Amazon Mturk to reach a far and greater audience in a short period

Age n %18-21 17 12%22-25 43 30.3%26-30 41 28.9%31-40 28 19.7%41-50 9 6.3%51-60 3 2.1%61-70 1 0.7%

Gender n %

Male 94 66.2%

Female 48 33.8%

Country n

India 116

USA 17

Pakistan 2

Other 7


7/19

SS

Why do you use Single Sign-On services?

Its easy and convenient

Much easier and fast to sign up to website with this service

It provides security as one time login and logout. Also no need to remempasswords every time

SSO services are quite easy to use and fast as well. It reduces the threat ofand many other online privacy issues. Hence using SSO services is safe an


8/19

SS

Why do you use Single Sign-On services?


9/19

SS

Usage of SSOs vs Privacy violation in the future?Do you ever worry that your privacy might be violated in the future? Please mark the sca

1. Not Worried At All: 47/142 and 32/47 = 68.1% use SSOs

2. Somewhat Worried: 17/142 and 9/17 = 52.9% use SSOs

3. Neutral: 26/142 and 13/26 = 50% use SSOs

4. Worried: 33/142 and 19/33 = 57.6% use SSOs

5. Extremely Worried: 19/142 and 10/19 = 52.6% use SSOs


10/19

SS

Privacy Violated in Past vs Privacy Violated in Future

Only 11 out of the 142 participants actually had their privacy violatepast.

72.7% of the 11 participants answered either a 5 Extremely Worried or a

for their privacy being violated in the future.

This shows that people who had their privacy violated in the past are moreabout their future privacy.


11/19

SSO Providers

Motivation

Develop a better understanding of SSO systems &provide useful research

Prior ResearchUtilized research done by privacychoice.org &knowprivacy.org

MethodsRead through privacy- and data use- policies atleast twice:

Once to get an overview of the text and locationsof certain types of clauses

Again to mark specific locations of text


12/19

SSO Providers

Methods Draft a list of specific allowances Create a table to track occurrences of each

allowance Each value in brackets refers to a specific

policy

Findings More focus on data collection in Google More focus on data sharing from Facebook More focus on the rights of companies vs.

rights of users


13/19

SSO Providers


14/19

SSO Providers


15/19

SSO Providers


16/19

SSO Providers


17/19

SSO Providers

FindingsNo companies had explicit policieto government access attempts

No companies explicitly share infoget about you from third parties

ConclusionsPros: Quantitative Allows for direct comparison oCons: Not comprehensive Can be misleading


18/19

Best Pr

Be Mindful On The Value of YOUUnderstand the value of your identity online and your stake in web security

Stay Up-To-DatePolicies change and being knowledgable about updates can keep you better info

Manage Access To Your InformationDetermine if you no longer use services and shut them down to control data acc

Evaluate The Value Of Services UsedTake a chance to think about whether you really should use some services online

Manage Different Kinds of DataConduct an audit of what kinds of information you have online, and control it


19/19

Questions?We Have Answers.

sso project presentation

Documents