Summary: Timely Disclosure of Privacy Differences among Web SSO Login Options (arxiv.org)
11,894 words, PDF document
One Line
The text highlights the importance of informed user decisions regarding granting access to personal profile information in web SSO login options due to the lack of privacy information.
Key Points
- Web single sign-on (SSO) login options on popular web applications lack privacy information and users need to make informed decisions about granting access to their personal profile information.
- The prototype tool SPEye generates a privacy comparison of SSO login options at the RP login page, focusing on Facebook, Google, and Apple.
- The ID token is a value issued by an identity provider (IdP) to convey user identity information to the relying party (RP) and contains claims about the user, including basic profile info.
- There are three main code patterns for implementing SSO login options on websites: HTML-based SSO, JavaScript-based SSO, and IdP's SDK-based SSO.
- SPEye is a browser extension that helps users understand and manage privacy permissions when using SSO login options on the web, offering two modes: Focused mode and Comparative mode.
- Some websites use tactics like "permission creep" to gradually request more permissions, potentially misleading users.
Summaries
31 word summary
The text discusses the lack of privacy information in web SSO login options and emphasizes the need for users to make informed decisions about granting access to their personal profile information.
42 word summary
The lack of privacy information provided by web single sign-on (SSO) login options on popular web applications is discussed in the text. The need for users to make informed decisions about granting access to their personal profile information from identity providers (IdP)
551 word summary
The text discusses the lack of privacy information provided by web single sign-on (SSO) login options on popular web applications. It highlights the need for users to make informed decisions about granting access to their personal profile information from identity provider (IdP)
The approach considers privacy differences in permissions for users based on different privacy laws. The prototype tool, SPEye, generates a privacy comparison of SSO login options at the RP login page, focusing on Facebook, Google, and Apple. The tool is designed
The ID token is introduced as a value issued by an IdP to convey user identity information to the RP. It uses the JSON Web Token data structure and contains claims about the user, including basic profile info. OIDC extends OAuth 2.0
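As an added illustration of the ID token described above (example code written for this summary, not code from the paper or from SPEye), the block below builds a JWT-format ID token, verifies it the way a relying party must before trusting any claim (signature, issuer, audience, expiry), and then lists the basic profile claims it conveys. The issuer, audience, claim values and secret are constructed for the example; HS256 with a shared secret is used only so the block runs offline, whereas real IdPs sign ID tokens with asymmetric keys published at their JWKS endpoint.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# OpenID Connect standard claims that describe the user's basic profile.
# Which of them an IdP actually includes depends on the scopes the RP requested.
PROFILE_CLAIMS = ("name", "given_name", "family_name", "picture",
                  "email", "email_verified", "locale")


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def build_id_token(claims: dict, secret: bytes) -> str:
    """Serialise claims as a compact JWT (header.payload.signature).

    HS256 is an assumption made for this self-contained example; production
    IdPs use asymmetric algorithms such as RS256.
    """
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (_b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "."
                     + _b64url_encode(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def parse_id_token(token: str, secret: bytes, expected_aud: str,
                   expected_iss: str, now: Optional[int] = None) -> dict:
    """Verify the token and return its claims; raise ValueError on any failed check."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm: never let the token choose it (rules out 'none' and alg confusion).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected_sig = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"),
                            hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != expected_iss:
        raise ValueError("wrong issuer")
    if claims.get("aud") != expected_aud:
        raise ValueError("token was issued for a different RP")
    current = now if now is not None else int(time.time())
    if claims.get("exp", 0) <= current:
        raise ValueError("token expired")
    return claims


def profile_claims(claims: dict) -> dict:
    """The subset of claims that reveal the user's profile to the RP."""
    return {k: v for k, v in claims.items() if k in PROFILE_CLAIMS}


# Constructed sample: a token an IdP might issue after the user granted 'email' and 'profile'.
DEMO_SECRET = b"constructed-demo-secret"
DEMO_CLAIMS = {
    "iss": "https://idp.example",      # constructed issuer
    "aud": "rp-client-id",             # constructed client id of the RP
    "sub": "123",
    "name": "Alice Example",
    "email": "alice@example.com",
    "email_verified": True,
    "exp": 4102444800,                 # far-future expiry so the sample stays valid
}

if __name__ == "__main__":
    tok = build_id_token(DEMO_CLAIMS, DEMO_SECRET)
    verified = parse_id_token(tok, DEMO_SECRET, "rp-client-id", "https://idp.example")
    print("profile info released to the RP:", profile_claims(verified))
```

The point for privacy disclosure is the last function: whatever the RP ends up knowing about the user arrives as claims in this payload, so listing the profile claims of a verified token is one concrete way to show what a given SSO option actually hands over.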
The text discusses privacy issues related to Single Sign-On (SSO) login options on the web. It highlights the lack of clarity regarding the data required by different SSO options and the difficulty in comparing privacy choices. The text proposes a browser extension that
The document discusses three main code patterns for implementing single sign-on (SSO) login options on websites: HTML-based SSO, JavaScript-based SSO, and IdP's SDK-based SSO.
1) HTML-based SSO involves embedding S
We found that 44 out of 153 RPs use IdP SDKs, which allows the authorization request parameters to be available in the RP's JavaScript code. This can be analyzed to identify SDK function calls and extract the parameters. Importing multiple
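The code patterns above all end in an authorization request whose parameters (in particular `scope`) determine what profile data the RP asks for. As an added example, not the paper's or SPEye's own code, the block below extracts the requested scopes from the authorization request URLs of the three IdPs the tool focuses on and produces the kind of side-by-side comparison a user could see at the RP login page. The host-to-IdP table uses the providers' public authorization endpoints; the sample URLs, client ids, redirect URIs and scope values are constructed for the example. It covers the HTML-based case, where the URL is present in the page, and the SDK case once the parameters have been pulled out of the RP's JavaScript; it does not cover URLs that a JavaScript flow only assembles at runtime.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Public authorization endpoints of the three IdPs covered by the comparison.
IDP_HOSTS = {
    "accounts.google.com": "Google",
    "www.facebook.com": "Facebook",
    "facebook.com": "Facebook",
    "appleid.apple.com": "Apple",
}


def extract_scopes(auth_url: str) -> tuple[str, set[str]]:
    """Return (IdP name, set of requested scopes) for one authorization request URL."""
    parts = urlsplit(auth_url)
    idp = IDP_HOSTS.get(parts.netloc.lower())
    if idp is None:
        raise ValueError(f"unrecognised IdP host: {parts.netloc}")
    query = parse_qs(parts.query)           # percent-decodes, e.g. %20 -> space
    raw = " ".join(query.get("scope", []))
    # Google and Apple separate scopes with spaces; Facebook also accepts commas.
    scopes = {s for s in re.split(r"[\s,]+", raw) if s}
    return idp, scopes


def compare_sso_options(auth_urls) -> dict[str, set[str]]:
    """Aggregate the scopes each IdP option on a login page asks for."""
    comparison: dict[str, set[str]] = {}
    for url in auth_urls:
        idp, scopes = extract_scopes(url)
        comparison[idp] = comparison.get(idp, set()) | scopes
    return comparison


def fewest_scopes(comparison: dict[str, set[str]]) -> str:
    """The option requesting the fewest scopes (a simplification: scope count,
    not the sensitivity of each scope, which a real comparison would also weigh)."""
    return min(comparison, key=lambda idp: (len(comparison[idp]), idp))


# Constructed sample: three login buttons found on one RP login page.
SAMPLE_URLS = [
    "https://accounts.google.com/o/oauth2/v2/auth?client_id=example-google-client"
    "&redirect_uri=https%3A%2F%2Frp.example%2Fcb&response_type=code"
    "&scope=openid%20email%20profile",
    "https://www.facebook.com/v12.0/dialog/oauth?client_id=1234567890"
    "&redirect_uri=https%3A%2F%2Frp.example%2Fcb"
    "&scope=public_profile,email,user_birthday",
    "https://appleid.apple.com/auth/authorize?client_id=com.rp.example"
    "&redirect_uri=https%3A%2F%2Frp.example%2Fcb&response_type=code%20id_token"
    "&response_mode=form_post&scope=name%20email",
]

if __name__ == "__main__":
    table = compare_sso_options(SAMPLE_URLS)
    for idp, scopes in sorted(table.items()):
        print(f"{idp:9s} requests: {', '.join(sorted(scopes))}")
    print("fewest scopes:", fewest_scopes(table))
```

Because the comparison is built purely from the request parameters, it reflects only what the RP asks for at the initial prompt; an RP that asks for more later in the session, as the "permission creep" tactic does, would need the same extraction repeated on each subsequent authorization request.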
SPEye's client-side design resolves issues related to privacy information in SSO login workflows. It offers two modes: Focused mode, which displays permission information on the IdP login page, and Comparative mode, which compares permissions on the RP login
SPEye is a browser extension that helps users understand and manage privacy permissions when using Single Sign-On (SSO) login options on the web. It consists of four main components: a popup script with a user interface (UI) triggered on a
SPEye is a user interface tool that provides permission information for web single sign-on (SSO) login options. It offers two modes: Focused and Comparative. In Focused mode, SPEye extracts parameters from the current SSO login page
We modified SPEye to confirm our findings. When we resubmitted the request with certain parameters, the RP server responded with a redirect request. Initially, SPEye's requests to the RP's server were blocked, but we discovered that the requests sent
SPEye allows users to compare permissions requested by a website at the initial login prompt, but cannot detect additional permissions requested later. Some websites use tactics to gradually request more permissions, leading to "permission creep" and potentially misleading users. IdP guidelines
Current web single sign-on (SSO) workflows lack transparency in informing users about privacy policies and permissions. The SPEye Chrome extension addresses this issue by extracting information from identity provider (IdP) and relying party (RP) sites to enable real-time
This text excerpt is a list of references and citations from various sources related to privacy and security in web single sign-on (SSO) systems. The references include research papers, RFCs (Request for Comments), and studies on topics such as privacy-pres
The excerpt provides references to various research papers and resources related to the analysis of web Single Sign-On (SSO) systems. It includes details about the implementation of SPEye, a tool used for analyzing SSO login options on RP sites. The tool