Single sign-on is an identity transaction enabling a subject to reuse authentication results for access to more than one service. The user can access many services without further authentication actions once the single sign-on transaction has been successfully conducted (granted that he/she has sufficient privileges for the services). If relying parties independently request a user to authenticate, he/she has to repeatedly authenticate, maintain many accounts, memorize many passwords, and/or keep many authentication devices (e.g., smart cards and one-time password tokens). Single sign-on simplifies user authentication for accessing many services to reduce efforts by users and RPs in maintaining many accounts. Security Assertion Markup Language (SAML) technical standards specify such single sign-on transactions [5].