Abstract
Single sign-on (SSO) has been shown to be a successful paradigm in network environments where a large number of passwords would otherwise be required. However, the SSO paradigm leaves the practice of logging out of services undetermined. In this study, the users’ subjective satisfaction with the current implementation of login and logout was examined with both quantitative and qualitative methods. The study was carried out in a university using SSO in its intranet. The main result of this study is that when a multiservice environment uses SSO for user authentication, a single logout should also be used instead of expecting users to log out of each service separately.
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Linden, M., Vilpola, I. (2005). An Empirical Study on the Usability of Logout in a Single Sign-on System. In: Deng, R.H., Bao, F., Pang, H., Zhou, J. (eds) Information Security Practice and Experience. ISPEC 2005. Lecture Notes in Computer Science, vol 3439. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-31979-5_21
DOI: https://doi.org/10.1007/978-3-540-31979-5_21
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-25584-0
Online ISBN: 978-3-540-31979-5
eBook Packages: Computer Science (R0)