• DocumentCode
    3309182
  • Title
    Audit based privacy preservation for the OpenID authentication protocol
  • Author
    Riesch, P.J. ; Xiaojiang Du
  • Author_Institution
    Dept. of Comput. & Inf. Sci., Temple Univ., Philadelphia, PA, USA
  • fYear
    2012
  • fDate
    13-15 Nov. 2012
  • Firstpage
    348
  • Lastpage
    352
  • Abstract
    This paper studies a privacy vulnerability within OpenID, a distributed single sign on protocol. An OpenID system consists of three components: User Agent (UA); Relying Party - A web application that a UA would like to authenticate with using their unique identifier; and Identity Provider - A web server that provides a globally unique identifier for the UA and validates the identity of UAs on behalf of Relying Parties. The privacy vulnerability has been identified in the existing literature. However, no effective solution has been proposed to date. In this paper, we present an effective scheme to mitigate this vulnerability. In order for OpenID to gain wider acceptance, this vulnerability must be addressed with a solution that is convenient to the users of single sign on. We propose a method for mitigating this vulnerability by creating vertical levels of trust between constituents of an OpenID network through expanding the role of OpenID Identity Providers to include auditing OpenID Relying Parties for privacy vulnerabilities. In addition, Identity Providers may keep records of audits that identify Relying Parties that do not protect the privacy of OpenID users. The primary issue with this privacy vulnerability is that it is completely transparent - it occurs without the user ever being aware that it is happening. We cannot force Relying Parties to guarantee the privacy of OpenID users, nor would we like to burden individual users with browser level solutions that are often overly technical and difficult to understand. We have designed an audit solution at the level of the Identity Provider, which can accurately inform users when Relying Parties may be sharing information with third parties, therefore giving OpenID users the ability to make a conscious choice to share that information. We have performed real network experiments to validate our scheme, and the experimental results show that our scheme is effective.
  • Keywords
    cryptographic protocols; data privacy; distributed processing; OpenID authentication protocol; audit based privacy preservation; distributed single sign on protocol; identity provider; privacy vulnerability; relying party; user agent; user privacy; Authentication; Browsers; Computer applications; IP networks; Privacy; Protocols; OpenID; authentication; distributed systems; privacy; security;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Homeland Security (HST), 2012 IEEE Conference on Technologies for
  • Conference_Location
    Waltham, MA
  • Print_ISBN
    978-1-4673-2708-4
  • Type
    conf
  • DOI
    10.1109/THS.2012.6459873
  • Filename
    6459873