Thursday, 22 April 2010

Single logout solutions

We're all really comfortable with single sign on (SSO) solutions and the fact that they are essentially same sign on with credential caching, ie once the user has logged into one application the credentials used are replayed to other applications. This is essentially how portal solutions work - log in to the portal and then behind the scenes log into mail, documents etc. iGoogle with it's gadgets is quite a nice example.

But what about logout?

If you have a web desktop (aka portal) it's a reasonable assumption that you want to log into everything at once. It's not the case that you wish to logout of everything at once. You might for example want to logout of the blog application but keep your mail open.

The only reasonable solution is to modify the logout behaviours of each application and give users a screen with a choice of :

  • logout of
  • I'm done - log me out of everything
However in a global wide area network where some applications are local and others may be elsewhere and authenticated differently this may be a trifle more difficult to implement.

However, the good news is that Feide have also looked at the problem and both come up with a near identical solution and also carried out usability tests - the good news is that users seem to cope with this rather well, including the idea of a list of applications and their login status, which is, I think, quite a neat idea ...

No comments: