PseudoID: Enhancing Privacy in Federated Login

Arkajit Dey
Stephen Weis
Hot Topics in Privacy Enhancing Technologies(2010), pp. 95-107


PseudoID is a federated login system that protects users from disclosure of private login data held by identity providers. We offer a proof of concept implementation of PseudoID based on blind digital signatures that is backward-compatible with a popular federated login system named OpenID. We also propose several extensions and discuss some of the practical challenges that must be overcome to further protect user privacy in federated login systems.