An Empirical Study on the Usability of Logout in a Single Sign-on System

  • Mikael Linden
  • Inka Vilpola
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3439)


Single sign-on (SSO) has shown to be a successful paradigm in a network environment where a large number of passwords would otherwise be required. However, the SSO paradigm leaves the practices of logging out of services undetermined. In this study, the users’ subjective satisfaction in the current implementation of login and logout was examined with both quantitative and qualitative methods. The study was carried out in a university using SSO in its intranet. The main result of this study is that when a multiservice environment uses SSO for user authentication, a single logout should also be used instead of expecting users to separately log out from each service.


Focus Group Focus Group Session Role Base Access Control Visual Display Terminal Federate Identity 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Sasse, M.A., Brostoff, S., Weirich, D.: Transforming the ‘weakest link’ – a human/computer interaction approach to usable and effective security. BT Technol. J. 19(3) (2001)Google Scholar
  2. 2.
    Pashalidis, A., Mitchell, C.: A Taxonomy of Single Sign-On Systems. In: Safavi-Naini, R., Seberry, J. (eds.) ACISP 2003. LNCS, vol. 2727, pp. 249–264. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  3. 3.
    ISO/IEC (1998b) 9241-11 Ergonomic requirements for office work with visual display terminals (VDT)s - Part 11 Guidance on usability, ISO/IEC 9241-11 (1998)Google Scholar
  4. 4.
    De Clercq, J.: Single sign-on architectures. In: Davida, G., Frankel, Y., Rees, O. (eds.) InfraSec 2002. LNCS, vol. 2437, pp. 40–58. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  5. 5.
    Volchkov, A.: Revisiting Single Sign-on. A Pragmatic Approach in a New Context. IEEE IT Professional 3(1), 39–45 (2001)Google Scholar
  6. 6.
    Anchan, D., Pegah, M.: Regaining Single Sign-On Taming the Beast. In: Proceedings of SIGUCCS 2003 Conference, pp. 166–171. ACM Press, New York (2003)CrossRefGoogle Scholar
  7. 7.
    Taylor, K., Murty, M.: Implementing Role Based Access Control for Federated Information Systems on the Web. In: Johnson, C., Montague, P., Steketee, C. (eds.) Australasian Information Security Workshop 2003. Australian Computer Society Inc., Sydney, pp. 87–95 (2003)Google Scholar
  8. 8.
    The InCommon Federation. The InCommon Glossary. Available in,, (visited 1/2005)
  9. 9.
    Liberty Alliance Project. Liberty ID-FF Protocols and Schema Specification version 1.2. Piscataway, New Jersey (2003)Google Scholar
  10. 10.
    Internet2/MACE. The Shibboleth project,, (visited 1/2005)
  11. 11.
    Web Services Federation Language. IBM, Microsoft, VeriSign (2003)Google Scholar
  12. 12.
    Microsoft.NET passport review guide. Microsoft corporation (2004)Google Scholar
  13. 13.
    Oppliger, R.: Microsoft.NET Passport and Identity Management. Information Security Technical Report 9(1), 26–34 (2004)CrossRefGoogle Scholar
  14. 14.
    Kormann, D., Rubin, A.: Risks of the Passport single signon protocol. Computer Networks 33(1-6), 51–58 (2000)CrossRefGoogle Scholar
  15. 15.
    Nielsen, J.: Ten Usability Heuristics. Available in,, (visited 1/2005)
  16. 16.
    Smetters, D.K., Grinter, R.E.: Moving from the Design of Usable Security Technologies to the Design of Useful Secure Applications. In: New Security Paradigms Workshop 2002, pp. 82–89. ACM Press, New York (2002)CrossRefGoogle Scholar
  17. 17.
    University of Washington. Pubcookie: open-source software for intra-institutional web authentication,, (visited 1/2005)
  18. 18.
    Nielsen, J.: Usability Engineering, pp. 214–216. Academic Press, San Diego (1993)zbMATHGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Mikael Linden
    • 1
  • Inka Vilpola
    • 2
  1. 1.CSC, the Finnish IT Center for ScienceEspooFinland
  2. 2.Institute of Software SystemsTampere University of TechnologyTampereFinland

Personalised recommendations