1. In ROSTAM, users can change their IdP without being required to change or update their SP accounts. B2: No-Device-Setup. This is partially provided in ROSTAM since Chrome is not installed by default and also the Extension is required to be downloaded and installed on the browser. B3: No-Hardware-Token-Required. Just like Firefox Sync 2.0 and OpenID Connect, ROSTAM users can authenticate themselves to SPs without any additional hardware token;Idp-Sp;ROSTAM adopts Portable hardware token model (M2) as it requires users to carry their phones. B1: Portable-Identity-Across-IdP

2. The quest to replace passwords: A framework for comparative evaluation of web authentication schemes;J Bonneau;Proceedings of the 2012 IEEE Symposium on Security and Privacy, SP '12,2012

3. Comparative analysis and framework evaluating web single sign-on systems;F Alaca;ACM Comput. Surv,2020

4. A taxonomy of single sign-on systems;A Pashalidis;Proceedings of the 8th Australasian Conference on Information Security and Privacy, ACISP'03,2003

5. Tapas: Design, implementation, and usability evaluation of a password manager;D Mccarney;Proceedings of the 28th Annual Computer Security Applications Conference, ACSAC '12,2012