SPRESSO: A Secure, Privacy-Respecting Single Sign-On System for the Web
Single Sign-On (SSO) systems, such as OpenID and OAuth, allow web sites, so-called Relying Parties (RPs), to delegate user authentication to Identity Providers (IdPs), such as Facebook or Google. These systems are very popular, as they provide a convenient means for users to log in at RPs and move much of the burden of user authentication from RPs to IdPs. There is, however, a downside to current systems, as they do not respect users' privacy: IdPs learn at which RP a user logs in. With one exception, namely Mozilla's BrowserID system (a.k.a. Mozilla Persona), current SSO systems were not even designed with user privacy in mind.