Abstract
Single sign-on (SSO) helps users cope with the many online services that require authentication. Systems such as OpenID and SAML-based Shibboleth offer federated identity management, in which an Identity Provider authenticates the user on behalf of the services. Much research concentrates on making authentication stronger, preventing phishing and making the systems more user friendly, but less attention has been paid to the termination of authentication sessions, i.e., logout. It is, however, equally important that sessions do not remain open when, for example, a student using a shared computer in a university library leaves the workstation. In this article, we describe the challenges related to logout in federated identity management for web-based services and give guidelines for implementing reliable logout from services that use single sign-on.
Copyright information
© 2013 IFIP International Federation for Information Processing
About this paper
Cite this paper
Suoranta, S., Tontti, A., Ruuskanen, J., Aura, T. (2013). Logout in Single Sign-on Systems. In: Fischer-Hübner, S., de Leeuw, E., Mitchell, C. (eds) Policies and Research in Identity Management. IDMAN 2013. IFIP Advances in Information and Communication Technology, vol 396. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-37282-7_14
DOI: https://doi.org/10.1007/978-3-642-37282-7_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-37281-0
Online ISBN: 978-3-642-37282-7