May 2009


Logout interfaceLogging in is simple.  Getting out is simple, you just close your browser.  Unless you wanted to explicitly log out, or you needed to log out from just one application and keep the other applications working. Another issues is related to closing all browser windows, this sounds easy to do, but can be too difficult for some users.

Andreas implemented a nice user interface for single log out in SimpleSAMLphp, as shown on the right.

A surprising high number of users (8-10%) started using the SLO functionality when this was enabled in March 2009. If this number continues to stay high as we move from pilot in a selected user group to the broader audience in education remains to be seen.

Our main motivation behind the SLO interface was to offer a way to log out from one specific application where the licensing scheme was based on payment per  user logged in at the same time.  This motivated us to find a way to log out from that system, while keeping the other sessions with service providers alive.  If we demanded a global log-out, the end users would loose their work flows in all applications within the single sign on domain.  Not using federated log-out would simply give the user a SSO session in to the application for example at a browser refresh, and this without the user knowing and being able to control the situation.

User testing provided useful feedback, and we ended up with a page as displayed above.  If log-out fails from any application (as it sometimes does with HTTP redirect when a server goes down), this is indicated with a warning sign next to the service.  All successful log-outs are marked with green.  The user is advised to explicitly close all browser windows if log-out fails.

Making the end user aware of what applications he is logged in to, is part of the awareness raising for greater security. On the other hand, we do not want to drown the user in information, because than we end up in the Click-OK-to-continue syndrome.  The minimum information required is the names of the services and some graphic indicators of login/log-out situation.

More information about the technical implementation is available in My thoughts about SLO by Andreas Åkre Solberg, and in the SimpelSAMLphp documentation.

Advertisements

Adversity builds character.  Victory builds identity?  First there is the victory of birth, which gives you your birth date.  Then there is the victory of family (or such like) that gives you your name.  Then there is the victory of nations, which gives you your nationality.

Today is May 17th, constitution day in Norway, and this involves a big celebration: children’s parades, brass bands, school bands marching, heavy ice cream eating, sausages, potato-on-a-spoon races, more children’s parades, patriotic speeches, balloons and so on.  The traditional speech starts with “for those of us who experienced the war, 1945, 1905 and 1814” and then moves on to extol the humble origins and humble virtues of the nation.  On the other hand, we celebrate by parading children, not weapons.

Norway is a relatively young nation, we won our independence in 1905, but the constitution dates from 1814.  The national identity is rebuilt and reconfirmed, and history revisited.  Today is the day when every school child in the country march in the parades, on an identity building exercise, dressed up in national costumes or other finery.  Given the normal weather in May, this is sometimes also a character building exercise, as all mittens are off for the celebration (my soul still have childhood scars from frozen fingers gained by playing brass band music outdoors).  This year we had perfect weather in Trondheim, 15-20 centigrades and some wind to lift the heavy woollen skirts of the national costume.

Last night Norway won the Eurovision Song Contest, and our prime minister said that this was a great victory for Norway.  Fun, weirdly entertaining, yes.  Great victory?  That would be conquering global warming, flying to Mars or curing the common cold; or at least that was my initial reaction.  Then it dawned on me that our prime minister was in Spain, about to celebrate Norway’s constitution day with ex-pats and the Spanish prime minister attending the Norwegian children’s parade in Torrevieja.  And the man who won the great victory for Norway was born in Minsk, Belarus, immigrating at the age of four.  The prime minister was right, winning the Eurovision Song Contest was great victory for the national identity, not just another flag waving moment.

Current great victories seem better than the viking approach, or other glorious forefathers.  Glorious forefathers had a hang-up on conquest of the traditional type: rape, pillage and burn (preferably in that order).  Song contests may be better for building identity.