Light Blue Touchpaper
Can we Fix Federated Authentication?
March 24th, 2011 at 11:44 UTC by Ross Anderson
My paper Can We Fix the Security Economics of Federated Authentication? asks how we can deal with a world in which your mobile phone contains your credit cards, your driving license and even your car key. What happens when it gets stolen or infected?
Using one service to authenticate the users of another is an old dream but a terrible tar-pit. Recently it has become a game of pass-the-parcel: your newspaper authenticates you via your social networking site, which wants you to recover lost passwords by email, while your email provider wants to use your mobile phone and your phone company depends on your email account. The certification authorities on which online trust relies are open to coercion by governments – which would like us to use ID cards but are hopeless at making systems work. No-one even wants to answer the phone to help out a customer in distress. But as we move to a world of mobile wallets, in which your phone contains your credit cards and even your driving license, we’ll need a sound foundation that’s resilient to fraud and error, and usable by everyone. Where might this foundation be? I argue that there could be a quite surprising answer.
The paper describes some work I did on sabbatical at Google and will appear next week at the Security Protocols Workshop.
Entry filed under: Academic papers, Banking security, Legal issues, Protocols, Security economics, Security engineering, Social networks, Web security
Great paper by Ross Anderson. I like this piece from the first page about SSO:
"There are always systems that just don’t fit. Even in young high-tech firms with everyone trying to pull in the same direction – in short, where there are no security-economics issues of strategic or adversarial behaviour between firms – there are always new apps for which the business case is so strong that exceptions are made to the rules. This should warn us of the inherent limits of any vision of a universal logon working for all people across all systems everywhere."
This is not limited to universal logon; it could also be applied to universal visibility, universal least privilege, universal antivirus coverage, and many others.