UX w/no logout...single sign out

Session: Tuesday, Session 3 Space E

Conference: IIW 10 May 17-19, 2009 this is the complete Complete Set of Notes

Convener: Judith Bush

Notes-taker(s): Judith Bush

Tags:

SSO, Single sign out, logout, close the browser

Notes:

Ideally a user will close their browser to securely terminate all SSO sessions. Single Logout has many UX issues that make actually implementing problematic. However, users who may be using public or shared computers need to securely terminate but may not know that closing the browser is the best way: they expect a logout.

Stanford has gone over ten years in their heterogeneous application environment and their Kerberos/Shib SSO environment. Student will come out of these environments trained to close the browser (not just the tab ot the window)> How to train others?

Offer a "logout" button that redirects the user back to a specific page of their IDP. SAML 2.0 (or shib) may have a page for this use specified.

Alan Karp suggests that close tab as well as "logout" would send user back, continuing the education action, and suggests that unguessable URLs be used for personal machines.

Steve Williams thinks single sign on (one entrance of credentials for a day) is a bug.