{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,8]],"date-time":"2026-04-08T16:52:39Z","timestamp":1775667159088,"version":"3.50.1"},"reference-count":76,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2013,11,1]],"date-time":"2013-11-01T00:00:00Z","timestamp":1383264000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100000038","name":"Natural Sciences and Engineering Research Council of Canada","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100000038","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Internet Technol."],"published-print":{"date-parts":[[2013,11]]},"abstract":"<jats:p>OpenID and OAuth are open and simple Web SSO protocols that have been adopted by major service providers, and millions of supporting Web sites. However, the average user\u2019s perception of Web SSO is still poorly understood. Through several user studies, this work investigates users\u2019 perceptions and concerns when using Web SSO for authentication. We found that our participants had several misconceptions and concerns that impeded their adoption. This ranged from their inadequate mental models of Web SSO, to their concerns about personal data exposure, and a reduction in perceived Web SSO value due to the employment of password management practices. Informed by our findings, we offer a Web SSO technology acceptance model, and suggest design improvements.<\/jats:p>","DOI":"10.1145\/2532639","type":"journal-article","created":{"date-parts":[[2013,12,4]],"date-time":"2013-12-04T14:04:47Z","timestamp":1386165887000},"page":"1-35","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":20,"title":["Investigating Users\u2019 Perspectives of Web Single Sign-On"],"prefix":"10.1145","volume":"13","author":[{"given":"San-Tsai","family":"Sun","sequence":"first","affiliation":[{"name":"University of British Columbia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Eric","family":"Pospisil","sequence":"additional","affiliation":[{"name":"University of British Columbia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ildar","family":"Muslukhov","sequence":"additional","affiliation":[{"name":"University of British Columbia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Nuray","family":"Dindar","sequence":"additional","affiliation":[{"name":"University of British Columbia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Kirstie","family":"Hawkey","sequence":"additional","affiliation":[{"name":"Dalhousie University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Konstantin","family":"Beznosov","sequence":"additional","affiliation":[{"name":"University of British Columbia"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2013,11]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/322796.322806"},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.im.2003.08.010"},{"key":"e_1_2_1_3_1","unstructured":"Atkinson B. Della-Libera G. Hada S. Hondo M. Hallam-Baker P. Klein J. Lamacchia B. Leach P. Manferdelli J. Maruyama H. Nadalin A. Nagaratnam N. Prafull Chandra H. Shewchuk J. and Simon D. 2002. Web services security (ws-security) v1.0. Tech. rep. IBM Microsoft Verisign.  Atkinson B. Della-Libera G. Hada S. Hondo M. Hallam-Baker P. Klein J. Lamacchia B. Leach P. Manferdelli J. Maruyama H. Nadalin A. Nagaratnam N. Prafull Chandra H. Shewchuk J. and Simon D. 2002. Web services security (ws-security) v1.0. Tech. rep. IBM Microsoft Verisign."},{"key":"e_1_2_1_4_1","volume-title":"Proceedings of the Workshop on Web 2.0 Security and Privacy.","author":"Austel P."},{"key":"e_1_2_1_5_1","volume-title":"Proceedings of the 15th USENIX UNIX Security Symposium. 1--16","author":"Chiasson S."},{"key":"e_1_2_1_6_1","unstructured":"Committee X. T. 2005. OASIS eXtensible Access Control Markup Language (XACML) version 2.0. OASIS Standard.  Committee X. T. 2005. OASIS eXtensible Access Control Markup Language (XACML) version 2.0. OASIS Standard."},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1287\/mnsc.35.8.982"},{"key":"e_1_2_1_8_1","unstructured":"deVault J. Tretick B. and Ogorzelec K. 2002. Privacy and independent verification: What consumers want. http:\/\/consumerprivacyguide.com\/privacy\/ccp\/verification1.pdf.  deVault J. Tretick B. and Ogorzelec K. 2002. Privacy and independent verification: What consumers want. http:\/\/consumerprivacyguide.com\/privacy\/ccp\/verification1.pdf."},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2008.49"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/1124772.1124861"},{"key":"e_1_2_1_11_1","unstructured":"Facebook Inc. 2011. Facebook platform statistics. http:\/\/www.facebook.com\/press\/info.php?  Facebook Inc. 2011. Facebook platform statistics. http:\/\/www.facebook.com\/press\/info.php?"},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/1242572.1242661"},{"key":"e_1_2_1_13_1","unstructured":"Freeman B. 2008. Yahoo! OpenID: One key many doors. http:\/\/developer.yahoo.com\/openid\/openid-research-jul08.pdf.  Freeman B. 2008. Yahoo! OpenID: One key many doors. http:\/\/developer.yahoo.com\/openid\/openid-research-jul08.pdf."},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/1143120.1143127"},{"key":"e_1_2_1_15_1","unstructured":"Gigya Inc. 2011. Social sign-on. http:\/\/www.gigya.com\/.  Gigya Inc. 2011. Social sign-on. http:\/\/www.gigya.com\/."},{"key":"e_1_2_1_16_1","doi-asserted-by":"crossref","unstructured":"Glaser B. and Strauss A. 1967. The Discovery of Grounded Theory: Strategies for Qualitative Research. Aldine Chicago.  Glaser B. and Strauss A. 1967. The Discovery of Grounded Theory: Strategies for Qualitative Research . Aldine Chicago.","DOI":"10.1097\/00006199-196807000-00014"},{"key":"e_1_2_1_17_1","unstructured":"Google Inc. 2012. The 1000 most-visited sites on the Web. http:\/\/www.google.com\/adplanner\/static\/top1000\/.  Google Inc. 2012. The 1000 most-visited sites on the Web. http:\/\/www.google.com\/adplanner\/static\/top1000\/."},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/1060745.1060815"},{"key":"e_1_2_1_19_1","unstructured":"Hammer-Lahav E. 2009. OAuth security advisory: 2009.1. http:\/\/oauth.net\/advisories\/2009-1\/.  Hammer-Lahav E. 2009. OAuth security advisory: 2009.1. http:\/\/oauth.net\/advisories\/2009-1\/."},{"key":"e_1_2_1_20_1","doi-asserted-by":"crossref","unstructured":"Hammer-Lahav E. 2010. The OAuth 1.0 protocol. http:\/\/tools.ietf.org\/html\/rfc5849.  Hammer-Lahav E. 2010. The OAuth 1.0 protocol. http:\/\/tools.ietf.org\/html\/rfc5849.","DOI":"10.17487\/rfc5849"},{"key":"e_1_2_1_21_1","unstructured":"Hammer-Lahav E. Recordon D. and Hardt D. 2011. The OAuth 2.0 authorization protocol. http:\/\/tools.ietf.org\/html\/draft-ietf-oauth-v2-22.  Hammer-Lahav E. Recordon D. and Hardt D. 2011. The OAuth 2.0 authorization protocol. http:\/\/tools.ietf.org\/html\/draft-ietf-oauth-v2-22."},{"key":"e_1_2_1_22_1","unstructured":"Hardt D. Bufu J. and Hoyt J. 2007. OpenID attribute exchange 1.0 - final. http:\/\/openid.net\/specs\/openid-attribute-exchange-1_0.html.  Hardt D. Bufu J. and Hoyt J. 2007. OpenID attribute exchange 1.0 - final. http:\/\/openid.net\/specs\/openid-attribute-exchange-1_0.html."},{"key":"e_1_2_1_23_1","unstructured":"Hodges J. Howlett J. Johansson L. and Morgan R. 2008. Towards Kerberizing Web identity and services. http:\/\/www.kerberos.org\/software\/kerbweb.pdf.  Hodges J. Howlett J. Johansson L. and Morgan R. 2008. Towards Kerberizing Web identity and services. http:\/\/www.kerberos.org\/software\/kerbweb.pdf."},{"key":"e_1_2_1_24_1","unstructured":"Hoyt J. Daugherty J. and Recordon D. 2006. Openid simple registration extension 1.0. http:\/\/openid.net\/specs\/openid-simple-registration-extension-1_0.html.  Hoyt J. Daugherty J. and Recordon D. 2006. Openid simple registration extension 1.0. http:\/\/openid.net\/specs\/openid-simple-registration-extension-1_0.html."},{"key":"e_1_2_1_25_1","unstructured":"Internet2. 2008. Shibboleth System. http:\/\/shibboleth.internet2.edu\/.  Internet2. 2008. Shibboleth System. http:\/\/shibboleth.internet2.edu\/."},{"key":"e_1_2_1_26_1","unstructured":"JanRain Inc. 2010. IDSelector. http:\/\/www.idselector.com\/.  JanRain Inc. 2010. IDSelector. http:\/\/www.idselector.com\/."},{"key":"e_1_2_1_27_1","volume-title":"Engage: Social login and share","author":"JanRain","year":"2012"},{"key":"e_1_2_1_28_1","unstructured":"JanRain Inc. 2012b. Social login and social sharing trends across the web for Q3 2012. http:\/\/janrain.com\/blog\/social-login-and-social-sharing-trends-across-the-web-for-q3-2012\/.  JanRain Inc. 2012b. Social login and social sharing trends across the web for Q3 2012. http:\/\/janrain.com\/blog\/social-login-and-social-sharing-trends-across-the-web-for-q3-2012\/."},{"key":"e_1_2_1_29_1","volume-title":"Springer, Chapter: Externalizing Mental Models with Mindtools, 145--159.","author":"Jonassen D.","year":"2008"},{"key":"e_1_2_1_30_1","unstructured":"Kantara Initiative. 2002. Liberty Alliance Project. http:\/\/www.projectliberty.org\/.  Kantara Initiative. 2002. Liberty Alliance Project. http:\/\/www.projectliberty.org\/."},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/1592761.1592773"},{"key":"e_1_2_1_32_1","unstructured":"Laurie B. 2007. OpenID: Phishing Heaven. http:\/\/www.links.org\/?p=187.  Laurie B. 2007. OpenID: Phishing Heaven. http:\/\/www.links.org\/?p=187."},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0167-9236(00)00076-2"},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2008.50"},{"key":"e_1_2_1_35_1","unstructured":"McCrea J. 2009. Introducing two-click signup. http:\/\/blog.plaxo.com\/archives\/2009\/01\/introducing_two_1.html.  McCrea J. 2009. Introducing two-click signup. http:\/\/blog.plaxo.com\/archives\/2009\/01\/introducing_two_1.html."},{"key":"e_1_2_1_36_1","unstructured":"Messina C. 2009. OpenID phishing brainstorm. http:\/\/wiki.openid.net\/OpenID_Phishing_Brainstorm.  Messina C. 2009. OpenID phishing brainstorm. http:\/\/wiki.openid.net\/OpenID_Phishing_Brainstorm."},{"key":"e_1_2_1_37_1","unstructured":"Microsoft Corp. 2009. Windows CardSpace. http:\/\/www.microsoft.com\/windows\/products\/winfamily\/cardspace\/default.mspx.  Microsoft Corp. 2009. Windows CardSpace. http:\/\/www.microsoft.com\/windows\/products\/winfamily\/cardspace\/default.mspx."},{"key":"e_1_2_1_38_1","unstructured":"Microsoft Corp. 2011. Beyond Windows CardSpace. http:\/\/blogs.msdn.com\/b\/card\/archive\/2011\/02\/15\/beyond-windows-cardspace.aspx.  Microsoft Corp. 2011. Beyond Windows CardSpace. http:\/\/blogs.msdn.com\/b\/card\/archive\/2011\/02\/15\/beyond-windows-cardspace.aspx."},{"key":"e_1_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0378-7206(00)00061-6"},{"key":"e_1_2_1_40_1","unstructured":"Mozilla Identity Lab. 2012. Mozilla persona. http:\/\/identity.mozilla.com\/.  Mozilla Identity Lab. 2012. Mozilla persona. http:\/\/identity.mozilla.com\/."},{"key":"e_1_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1201\/1086\/45241.14.2.20050501\/88289.3"},{"key":"e_1_2_1_42_1","unstructured":"Nanda A. and Jones M. B. 2008. Identity Selector Interoperability Profile V1.5. http:\/\/informationcard.net\/specifications.  Nanda A. and Jones M. B. 2008. Identity Selector Interoperability Profile V1.5. http:\/\/informationcard.net\/specifications."},{"key":"e_1_2_1_43_1","unstructured":"OASIS. 2005. Assertions and protocols for the OASIS security assertion markup language (SAML) v2.0.  OASIS. 2005. Assertions and protocols for the OASIS security assertion markup language (SAML) v2.0."},{"key":"e_1_2_1_44_1","unstructured":"OASIS. 2012. Organization for the Advancement of Structured Information Standards. http:\/\/www.oasis-open.org\/.  OASIS. 2012. Organization for the Advancement of Structured Information Standards. http:\/\/www.oasis-open.org\/."},{"key":"e_1_2_1_45_1","unstructured":"OpenID Foundation. 2009. Promotes protects and nurtures the OpenID community and technologies. http:\/\/openid.net\/foundation\/.  OpenID Foundation. 2009. Promotes protects and nurtures the OpenID community and technologies. http:\/\/openid.net\/foundation\/."},{"key":"e_1_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1016\/S1363-4127(04)00013-5"},{"key":"e_1_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.5555\/1288216.1288221"},{"key":"e_1_2_1_48_1","unstructured":"Recordon D. and Fitzpatrick B. 2007. OpenID authentication 2.0. http:\/\/openid.net\/specs\/openid-authentication-2_0.html.  Recordon D. and Fitzpatrick B. 2007. OpenID authentication 2.0. http:\/\/openid.net\/specs\/openid-authentication-2_0.html."},{"key":"e_1_2_1_49_1","volume-title":"Proceedings of the 14th Usenix Security Symposium.","author":"Ross B."},{"key":"e_1_2_1_50_1","unstructured":"Ruderman J. 2008. The same origin policy. http:\/\/www.mozilla.org\/projects\/security\/components\/same-origin.html.  Ruderman J. 2008. The same origin policy. http:\/\/www.mozilla.org\/projects\/security\/components\/same-origin.html."},{"key":"e_1_2_1_51_1","unstructured":"Sachs E. 2008. Usability research on federated login. http:\/\/sites.google.com\/site\/oauthgoog\/UXFedLogin.  Sachs E. 2008. Usability research on federated login. http:\/\/sites.google.com\/site\/oauthgoog\/UXFedLogin."},{"key":"e_1_2_1_52_1","unstructured":"Sakimura N. Bradley J. de Medeiros B. Jones M. B. and Jay E. 2011. OpenID Connect standard 1.0 - draft 07. http:\/\/openid.net\/specs\/openid-connect-standard-1_0.html.  Sakimura N. Bradley J. de Medeiros B. Jones M. B. and Jay E. 2011. OpenID Connect standard 1.0 - draft 07. http:\/\/openid.net\/specs\/openid-connect-standard-1_0.html."},{"key":"e_1_2_1_53_1","unstructured":"Sasse M. A. and Flechais I. 2005. Usable security: Why do we need it? How do we get it? In Security and Usability: Designing Secure Systems That People Can Use L. F. Cranor and S. Garfinkel Eds. 13--30. O\u2019Reilly.  Sasse M. A. and Flechais I. 2005. Usable security: Why do we need it? How do we get it? In Security and Usability: Designing Secure Systems That People Can Use L. F. Cranor and S. Garfinkel Eds. 13--30. O\u2019Reilly."},{"key":"e_1_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2007.35"},{"key":"e_1_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1145\/2078827.2078842"},{"key":"e_1_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2008.88"},{"key":"e_1_2_1_57_1","unstructured":"Strouchliak I. 2009. Conversion rate optimization. http:\/\/www.seochat.com\/c\/a\/Website-Marketing-Help\/Conversion-Rate-Optimization\/.  Strouchliak I. 2009. Conversion rate optimization. http:\/\/www.seochat.com\/c\/a\/Website-Marketing-Help\/Conversion-Rate-Optimization\/."},{"key":"e_1_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.5555\/1288216.1288222"},{"key":"e_1_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1145\/1900546.1900556"},{"key":"e_1_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866855.1866868"},{"key":"e_1_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1145\/2078827.2078833"},{"key":"e_1_2_1_62_1","volume-title":"Proceedings of the 18th USENIX Security Symposium. 399--432","author":"Sunshine J."},{"key":"e_1_2_1_63_1","unstructured":"Sxipper Inc. 2009. Sxipper form manager Firefox extension. http:\/\/www.sxipper.com\/.  Sxipper Inc. 2009. Sxipper form manager Firefox extension. http:\/\/www.sxipper.com\/."},{"key":"e_1_2_1_64_1","unstructured":"The Eclipse Foundation. 2009. Higgins Card Selectors. http:\/\/www.eclipse.org\/higgins\/.  The Eclipse Foundation. 2009. Higgins Card Selectors. http:\/\/www.eclipse.org\/higgins\/."},{"key":"e_1_2_1_65_1","first-page":"1","article-title":"Using perceived ease of use and perceived usefulness to predict acceptance of the World Wide Web","volume":"30","author":"Tino","year":"1998","journal-title":"Computer Networks and ISDN Systems"},{"key":"e_1_2_1_66_1","unstructured":"Tom A. Alavilli P. and Fletcher G. 2008. Oauth session 1.0 draft 1. http:\/\/oauth.googlecode.com\/svn\/spec\/ext\/session\/1.0\/drafts\/1\/spec.html.  Tom A. Alavilli P. and Fletcher G. 2008. Oauth session 1.0 draft 1. http:\/\/oauth.googlecode.com\/svn\/spec\/ext\/session\/1.0\/drafts\/1\/spec.html."},{"key":"e_1_2_1_67_1","unstructured":"VeriSign Inc. 2009. VeriSign OpenID SeatBelt Plugin. https:\/\/pip.verisignlabs.com\/seatbelt.do.  VeriSign Inc. 2009. VeriSign OpenID SeatBelt Plugin. https:\/\/pip.verisignlabs.com\/seatbelt.do."},{"key":"e_1_2_1_68_1","volume-title":"Proceedings of the 9th USENIX Security Symposium. 169--183","author":"Whitten A."},{"key":"e_1_2_1_69_1","unstructured":"Wikipedia. 2009. Password fatigue. http:\/\/en.wikipedia.org\/wiki\/Password_fatigue.  Wikipedia. 2009. Password fatigue. http:\/\/en.wikipedia.org\/wiki\/Password_fatigue."},{"key":"e_1_2_1_70_1","unstructured":"Wisniewski T. Nadalin T. Cantor S. Hodges J. and Mishra P. 2005. SAML executive overview. Tech. rep. OASIS.  Wisniewski T. Nadalin T. Cantor S. Hodges J. and Mishra P. 2005. SAML executive overview. Tech. rep. OASIS."},{"key":"e_1_2_1_71_1","unstructured":"Wroblewski L. 2008. Web Form Design: Fill in the Blanks. Chapter: Gradual engagement.   Wroblewski L. 2008. Web Form Design: Fill in the Blanks. Chapter: Gradual engagement."},{"key":"e_1_2_1_72_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.im.2004.07.001"},{"key":"e_1_2_1_73_1","doi-asserted-by":"publisher","DOI":"10.1145\/1124772.1124863"},{"key":"e_1_2_1_74_1","doi-asserted-by":"publisher","DOI":"10.1145\/1143120.1143126"},{"key":"e_1_2_1_75_1","unstructured":"Yodlee Inc. 2012. Personal finance data platform for powering innovation in financial services. http:\/\/www.yodlee.com.  Yodlee Inc. 2012. Personal finance data platform for powering innovation in financial services. http:\/\/www.yodlee.com."},{"key":"e_1_2_1_76_1","volume-title":"Proceedings of the 14th Annual Network and Distibuted System Security Symposium (NDSS).","author":"Zhang Y."}],"container-title":["ACM Transactions on Internet Technology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2532639","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2532639","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T20:22:05Z","timestamp":1750278125000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2532639"}},"subtitle":["Conceptual Gaps and Acceptance Model"],"short-title":[],"issued":{"date-parts":[[2013,11]]},"references-count":76,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2013,11]]}},"alternative-id":["10.1145\/2532639"],"URL":"https:\/\/doi.org\/10.1145\/2532639","relation":{},"ISSN":["1533-5399","1557-6051"],"issn-type":[{"value":"1533-5399","type":"print"},{"value":"1557-6051","type":"electronic"}],"subject":[],"published":{"date-parts":[[2013,11]]},"assertion":[{"value":"2012-01-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2013-06-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2013-11-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}