We perform a comprehensive analysis and comparison of 14 web single sign-on (SSO) systems proposed and/or deployed over the past decade, including federated identity and credential/password management schemes. We identify common design properties and use them to develop a taxonomy for SSO schemes, highlighting the associated tradeoffs in benefits (positive attributes) offered. We develop a framework to evaluate the schemes, in which we identify 14 security, usability, deployability, and privacy benefits. We also discuss how differences in priorities between users, service providers, and identity providers impact the design and deployment of SSO schemes.

中文翻译：

---

比较分析和框架评估 Web 单点登录系统

我们对过去十年提出和/或部署的 14 个 Web 单点登录 (SSO) 系统进行了全面分析和比较，包括联合身份和凭证/密码管理方案。我们确定了常见的设计属性并使用它们来开发 SSO 方案的分类法，突出显示所提供的利益（积极属性）的相关权衡。我们开发了一个框架来评估这些方案，其中我们确定了 14 个安全性、可用性、可部署性和隐私优势。我们还讨论了用户、服务提供者和身份提供者之间的优先级差异如何影响 SSO 方案的设计和部署。