Traditionally, most authenticated relationships between users and service/content providers over the internet are established based on credentials such as pairs of username and password. As users interact with an increasing number of service/content providers over the internet, users are required to create and remember an increasing number of passwords. As a security measure against password phishing, service and/or content providers prompt users to choose complex passwords and to change the passwords periodically. The excessive number of evolving passwords often causes confusion and frustration in users, and many users resort to forgoing security for convenience and using a single or a small number of passwords for all of their online access accounts. This practice leaves the users and the online service and/or content providers vulnerable to fraud and hacker attacks.
In addition to the problem of the excessive number of passwords each user has to manage, users are often required to enter the same credential more than once when accessing sub-branches of a service/content provider or accessing the same service/content provider from different entry points of the service/content website. To reduce users' frustration with repeated password entries, many organizations are migrating to single sign-on (SSO) systems for their users within the organizations. SSO systems allow a user to access many services without having to manually authenticate more than once. SSO systems that go beyond organization boundaries have also been proposed. In past years, industry efforts have resulted in a number of specifications and standards aimed at cross-organizational SSO. However, few organizations have adopted cross-organizational SSO systems, especially in consumer facing settings due to the privacy issues involved in the current cross-organizational SSO systems. For example, one of the privacy issues is a result of users identifying themselves to numerous unrelated organizations, enabling these organizations, in collusion, to collect and correlate a vast amount of information about each of these users.