A Proposal and Implementation of an ID Federation that Conceals a Web Service from an Authentication Server

Abstract

Recently, it is becoming more common for a website to authenticate its users with an external identity provider by using Open ID Authentication or Security Assertion Markup Language. However, such authentication schemes tell the identity provider where the user is going. Consequently, for instance, an identity provider can track its users and refuse access to services offered by competitors. In this paper, we propose an authentication method whereby an identity provider cannot track users.