Beruflich Dokumente
Kultur Dokumente
Agenda
Introduction & Stakeholders SSO Integrators SSO Users
Understand the premise behind why we conducted our study and a glimpse in to how the direct/indirect stakeholders interact with Single Sign-On services. A quick look at the utilization of SSO systems by existing services An in-depth look on the prevalence of SSO as a service through an empirical investigation
SSO Providers
We provide an analysis of three large SSO services on how they treat users and their data
By synthesizing the work that weve done, we have some methods that users can adopt to stay safe and secure online.
introduction
Everyone knows this, its huge.
Internet is Growing
Self-Identity
Growing Services
Points of Authority
Stakeholders
Direct Stakeholders SSO Users
Ex. Groupon, LivingSocial
SSO Integrators
Stack Exchange A collection of sites focusing on Questions & Answers services Focuses on convenience of the user Allows access to 90+ sites with one account Manage accounts easier and provide profiles for career employers Social Deals A type of service that uses social media to target niche markets with deals. Focuses on the personalization of the user Specifically target ads/deals based on user interests Wolfram-Alpha Computational engine used to understand Big Data through human lens Focuses on making data accessible to the user Develops algorithms to improve site services based on user entries & data
SSO Users
Methods & Demographics
Age
18-21 22-25 26-30 31-40 41-50 51-60 61-70
We utilized Amazon Mturk to reach a far and greater audience in a short period of time.
n
17 43 41 28 9 3 1
%
12% 30.3% 28.9% 19.7% 6.3% 2.1% 0.7%
Gender
Country
116
81.7%
17
12%
1.4%
4.9%
SSO Users
Why do you use Single Sign-On services?
Its easy and convenient Much easier and fast to sign up to website with this service It provides security as one time login and logout. Also no need to remember all the passwords every time SSO services are quite easy to use and fast as well. It reduces the threat of phishing and many other online privacy issues. Hence using SSO services is safe and secure.
SSO Users
Why do you use Single Sign-On services?
SSO Users
Usage of SSOs vs Privacy violation in the future?
1.
Do you ever worry that your privacy might be violated in the future? Please mark the scale from 1 5:
2. Somewhat Worried: 17/142 and 9/17 = 52.9% use SSOs 3. Neutral: 26/142 and 13/26 = 50% use SSOs 4. Worried: 33/142 and 19/33 = 57.6% use SSOs 5. Extremely Worried: 19/142 and 10/19 = 52.6% use SSOs
SSO Users
Privacy Violated in Past vs Privacy Violated in Future Only 11 out of the 142 participants actually had their privacy violated in the
past. 72.7% of the 11 participants answered either a 5 Extremely Worried or a 4 Worried
This shows that people who had their privacy violated in the past are more concerned about their future privacy.
SSO Providers
Motivation
Develop a better understanding of SSO systems & provide useful research
Prior Research
Methods
Once to get an overview of the text and locations of certain types of clauses Again to mark specific locations of text
SSO Providers
Draft a list of specific allowances Create a table to track occurrences of each allowance Each value in brackets refers to a specific policy
Methods
Findings
More focus on data collection in Google More focus on data sharing from Facebook More focus on the rights of companies vs.
rights of users
SSO Providers
SSO Providers
SSO Providers
SSO Providers
SSO Providers
Findings
No companies had explicit policies to alert users to government access attempts No companies explicitly share information they get about you from third parties
Conclusions
Pros: Quantitative Allows for direct comparison of policies Cons: Not comprehensive Can be misleading
Best Practices
Be Mindful On The Value of YOU Stay Up-To-Date
Understand the value of your identity online and your stake in web security Policies change and being knowledgable about updates can keep you better informed
Determine if you no longer use services and shut them down to control data access Conduct an audit of what kinds of information you have online, and control it
Take a chance to think about whether you really should use some services online