OpenID is an open standard providing a decentralised authentication mechanism to end users. It is based on a unique URL (Uniform Resource Locator) or XRI (Extensible Resource Identifier) as identifier of the user. This fact of using a single identifier confers this approach an interesting added-value when users want to get access to different services in the Internet, since users do not need to create a new account on every website they are visiting. However, OpenID providers are usually also being used as a point to store certain personal attributes of the end users, which might be of interest for any service provider willing to make profit from collecting that personal information. The definition of a reputation management solution integrated as part of the OpenID protocol can help users to determine whether certain service provider is more or less reliable before interacting with it and transferring their private information. This paper is providing the definition of a reputation framework that can be applied to the OpenID SSO (Single Sign-On) standard solution. It also defines how the protocol itself can be enhanced so OpenID providers can collect (and provide) recommendations from (to) users regarding different service providers and thus enhancing the users’ experience when using OpenID.

This work would not have been possible without the inestimable contribution of:

• Marcus Q. Kuhnen
• Gregorio Martínez Pérez

Félix Gómez Mármol, Marcus Q. Kuhnen, Gregorio Martínez Pérez, «Enhancing OpenID through a Reputation Framework«, 8th International Conference on Autonomic and Trusted Computing (ATC2011), Banff (Canada), 02-04/09/2011

• Website: 8th International Conference on Autonomic and Trusted Computing (ATC2011)
• Date: 02-04/09/2011
• Venue: Banff Centre for Arts and Creativity, Banff (Canada)