Logout in single sign-on systems: Problems and solutions

Sanna Suoranta, K. Manzoor, Asko Tontti, J. Ruuskanen, T. Aura. J. Inf. Secur. Appl.
Web single sign-on (SSO) systems enable users to authenticate themselves to multiple online services with one authentication credential and mechanism offered by an identity provider. [...] Key Method: A usability test was conducted to evaluate the solution. The results show that the users liked the ability to choose between the two logout options, but they did not understand the words used to describe them. Another observation was that a majority of the users do not log out of the services at all; they just…
Characterization of web single sign-on protocols
A conceptual characterization of web SSO protocols, through their assertions and their features that help preserve the privacy of the user resources involved in SSO, is presented.
A policy-based identity management schema for managing accesses in clouds
The results show that this policy-based user authentication model has met the defined demands of the research to enhance the reliability and efficiency of identity management in cloud computing environments.
Correlations between invisibility and usability in ubicomp and IoT applications: partial results
A process for defining a catalog of correlations for quality characteristics for Invisibility and Usability was proposed and partial results of the execution of this process are presented.
How developers believe Invisibility impacts NFRs related to User Interaction
This work aims at capturing and cataloging invisibility correlations for UbiComp and IoT systems, and proposes to systematize the definition of correlations using the following well-defined research methods: Interview, Content Analysis and Questionnaire.
Education Electronic Identity Based on the Related Certification
A multi-application systems integration platform has been achieved via associated certification of Education Electronic Identity. Therefore, the network resources are saved and the efficiency of…
Hardware Trojan Based Security Issues in Home Area Network: A Testbed Setup
This paper developed a testbed that is scalable up to 127 nodes, using an I2C interface to control and implement any kind of required network behavior, and introduced three possible scenarios of HTs in this HAN network testbed.
Integration and optimization of Android applications based on service-oriented architecture
  • Hao Hu, Jinran Song
  • Computer Science
  • 2016 12th International Conference on Natural Computation, Fuzzy Systems and Knowledge Discovery (ICNC-FSKD)
  • 2016
A request processing optimization method is proposed that combines request priority and request wait time, aimed at massive user groups' usage scenarios, and that could provide a better user experience.
A Study on the Relationship between Usability of GUIs and Power Consumption of a PC: The Case of PHRs
The relationship between the usability evaluations of the GUIs and the power consumption measurements of the main components of a PC was analysed, and it was found that the usability principles of design cannot always be related to lower energy consumption.
基于教育电子身份号的关联认证 Education Electronic Identity Based on the Related Certification
A multi-application systems integration platform has been achieved via associated certification of Education Electronic Identity, and the efficiency of access is improved through Single Sign-On and real-name access to multi-application systems.
A Literature Survey on Risk Assessment for Unix Operating System: Risk Assessment on UNIX OS
  • P. Pradhan
  • Computer Science
  • Int. J. Adv. Pervasive Ubiquitous Comput.
  • 2019


Logout in Single Sign-on Systems
Challenges related to logout in federated identity management on web-based services and guidelines for implementing reliable logout from services that use single sign-on are described.
A Taxonomy of Single Sign-On Systems
A taxonomy of SSO approaches is presented; placing some of the SSO schemes, services and products into that context enables decisions about the design and selection of future approaches to SSO to be made within a more structured context and reveals some important differences in the security properties that can be provided by various approaches.
An Empirical Study on the Usability of Logout in a Single Sign-on System
The main result of this study is that when a multiservice environment uses SSO for user authentication, a single logout should also be used instead of expecting users to separately log out from each service.
OpenIDemail enabled browser: towards fixing the broken web single sign-on triangle
This work builds OpenID support into web browsers, hides OpenID identifiers from users by using their existing email accounts, extends the OpenID protocol to perform authentication directly by browsers, and introduces an OpenIDAuth HTTP access authentication scheme to convey authenticated identities automatically into websites that support OpenID for authentication.
A billion keys, but few locks: the crisis of web single sign-on
The problem of Web SSO adoption for RPs is discussed and it is argued that solutions in this space must offer RPs sufficient business incentives and trustworthy identity services in order to succeed.
What makes users refuse web single sign-on?: an empirical investigation of OpenID
An investigation of the challenges and concerns web users face when using OpenID for authentication, and of what changes in the login flow could improve the users' experience and adoption incentives, finds that more than 60% of study participants would use Web SSO solutions on the websites they trust.
Strong Authentication with Mobile Phone
This paper uses the Internet-enabled mobile phone as a secure token in a federated single sign-on environment and concludes that it is possible to implement strong personal authentication for an open-source SSO system with low start-up and operating costs and gradual deployment.
Client-based authentication technology: user-centric authentication using secure containers
The main component of CBAT is the Trusted Identity Manager (TIM), which resides within a hardware-based secure container on the user's system and asserts the user's authentication to local and remote service providers without releasing the user's credentials.
Avoidance of performance bottlenecks caused by HTTP redirect in identity management protocols
A new model that replaces HTTP redirect with server-to-server communication is developed; by avoiding HTTP redirect, it shows significant improvement in turnaround time for authentication over a 64kbps wireless communication channel.
OpenID-enabled browser: towards usable and secure web single sign-on
This work investigated the challenges web users face when using OpenID for authentication, and designed a phishing-resistant, privacy-preserving browser add-on to provide a consistent and intuitive single sign-on user experience for average web users.