An Empirical Study on the Usability of Logout in a Single Sign-on System

  • Conference paper
Information Security Practice and Experience (ISPEC 2005)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 3439)

Abstract

Single sign-on (SSO) has been shown to be a successful paradigm in network environments where a large number of passwords would otherwise be required. However, the SSO paradigm leaves the practice of logging out of services undetermined. In this study, users' subjective satisfaction with the current implementation of login and logout was examined with both quantitative and qualitative methods. The study was carried out in a university using SSO in its intranet. The main result of this study is that when a multiservice environment uses SSO for user authentication, a single logout should also be used instead of expecting users to log out from each service separately.



Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Linden, M., Vilpola, I. (2005). An Empirical Study on the Usability of Logout in a Single Sign-on System. In: Deng, R.H., Bao, F., Pang, H., Zhou, J. (eds) Information Security Practice and Experience. ISPEC 2005. Lecture Notes in Computer Science, vol 3439. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-31979-5_21

  • DOI: https://doi.org/10.1007/978-3-540-31979-5_21

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-25584-0

  • Online ISBN: 978-3-540-31979-5

  • eBook Packages: Computer Science, Computer Science (R0)
