Abstract
Single sign-on (SSO) technology enables users to access multiple application services using a single identity issued by an identity provider. This technology significantly enhances user experience and reduces the identity management cost for service providers, leading to its rapid adoption. However, most existing SSO schemes lack effective user privacy protection, which results in potential leakage of identity information and behavioral data. In recent years, various privacy-preserving SSO schemes have been proposed, yet a comprehensive review of privacy protection mechanisms from the perspective of the SSO system remains absent. This paper first analyzes the technical characteristics, application scenarios, and privacy protection challenges of the synchronous and asynchronous SSO authentication models. It then proposes key evaluation criteria and methods for privacy-preserving SSO based on current development trends. On this basis, it systematically reviews existing privacy-preserving schemes, summarizes their design principles and technical approaches, and compares the schemes in terms of privacy, security, and generality to reveal their strengths and limitations. Finally, drawing on the latest research hotspots in the field, it summarizes the key challenges in SSO privacy protection and identifies future research directions to support further studies.
Authors
何俊霖
雷灵光
边毅
马思源
王跃武
寇春静
He Junlin; Lei Lingguang; Bian Yi; Ma Siyuan; Wang Yuewu; Kou Chunjing (School of Computer Science & Technology, University of Chinese Academy of Sciences, Beijing 100049, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China; School of Cryptology, University of Chinese Academy of Sciences, Beijing 100049, China; Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100085, China)
Source
《计算机应用研究》
Peking University Core Journal
2025, Issue 9, pp. 2561-2571 (11 pages)
Application Research of Computers
Funding
Supported by the National Key Research and Development Program of China (2023YFB3105803).
Keywords
single sign-on (SSO)
privacy-preserving
identity and access management (IAM)
authentication
anonymous credential