The Community for Technology Leaders
RSS Icon
Issue No.05 - Sept.-Oct. (2012 vol.10)
pp: 82-85
Bart den Haak , Backbase
The integration of user customization with authentication follows four patterns. The local-user pattern tightly couples user authentication and customization. The external-user pattern loosely couples customization and authentication so that the customization module relies on the external authentication provider to authenticate users and return their unique identifiers. The local- + external-user pattern tightly couples customization to a local user account, but that account can be connected to multiple external authentication providers. Finally, the masked-external-user pattern requires extra effort to protect sensitive information about users' identity.
Authentication, User centered design, Computer security, Open systems, Pattern recognition, computer security, user customization, authentication, privacy, local-user pattern, external-user pattern, local- + external-user pattern, masked-external-user pattern, OpenID, OAuth
Željko Obrenović, Bart den Haak, "Integrating User Customization and Authentication: The Identity Crisis", IEEE Security & Privacy, vol.10, no. 5, pp. 82-85, Sept.-Oct. 2012, doi:10.1109/MSP.2012.119
1. G. Phifer, The Emerging User Experience Platform, tech. report G00211625, Gartner, 2011; www.gartner.comid=1610217.
2. A. Rezgui, A. Bouguettaya, and M.Y. Eltoweissy, “Privacy on the Web: Facts, Challenges, and Solutions,” IEEE Security & Privacy, Nov./Dec. 2003, pp. 40–49.
3. D.A. Norman, “When Security Gets in the Way,” ACM Interactions, vol. 16, no. 6, 2009, pp. 60–63.
4. M. Dembowski, “How to NOT Store User Credentials in a Database,” blog, 1 Oct. 2012; .
5. M.N. Ko et al., “Social-Networks Connect Services,” Computer, Aug. 2010, pp. 37–43.
6. J. Kirk, “Ramnit Worm Goes after Facebook Credentials,” Computerworld,5 Jan. 2012; .
7. R. Wang, S. Chen, and X. Wang, “Signing Me onto Your Accounts through Facebook and Google: A Traffic-Guided Security Study of Commercially Deployed Single-Sign-On Web Services,” Proc. 2012 IEEE Symp. Security and Privacy, IEEE, 2012, pp. 365–379.
8. V. Moen and T. Tj⊘stheim, “Case Study: Online Banking Security,” IEEE Security & Privacy, Mar./Apr. 2006, pp. 14–20.
9. “Authentication Best Practices—Claimed Identifiers vs. Email Addresses,” Google; marketplacebest_practices#claimed.
22 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool