Iris: Third-Party Authentication Service

Existing centralized identification systems, such as Facebook or Google, offer convenient services for authentication and storing user information that third-party services leverage to reduce friction and streamline the process of creating user profiles and logging in. However, these systems present conflict of interests, and users may be interested in a third-party service that focuses exclusively on authentication. To this end, we present Iris, a web-based, secure solution that resolves the single-point-of-failure concern and provides secure protocols of data transmission and transparency of data usage. Iris consists of two components: a database that holds users’ information encrypted with their passphrases along with a public API to retreive this data, and a client-side browser extension that handles encryption and decryption of the user’s information so that the passphrase never leaves the user’s local computer. In this paper, we detail how using Iris reduces friction for the website and user, and how a high level of security and authentication is achieved. In addition, we examine the potential threat model and present directions for future work.