This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview
[{$pagename}] is the act of ending access to an [Operating System], [Application] or [website].
[{$pagename}] informs the [Operating System], [Application] or [website] that the current user wishes to end the [session].
Log out is also known as log off, sign off or sign out.
!! Reasons for [{$pagename}]
Reasons for performing [{$pagename}] include:
* [End-User] action
* [Application] [timeout]
* [Identity Provider (IDP)] [timeout]
* [Anomaly Detection] of suspicious behavior, or suspected account compromise
* [Account termination]
!! [{$pagename}] and [Federated Identity Management]
[Single Logout] in [Federated Identity Management] systems presents additional concerns.
Kinds of [{$pagename}] [Messages] in [Federated Identity Management] Systems:
* Request from [Relying Party] to [Identity Provider (IDP)] to log out [End-User]
* Request from [Identity Provider (IDP)] to [Relying Party] to log out [End-User]
** May be sent in parallel to all logged-in [Relying Party]s known to the [Identity Provider (IDP)]
* Chained request that sequentially invokes the [Logout Mechanism] of a series of [Relying Party]s (as used in [SAML])
* Logout confirmation message from [Relying Party] to [Identity Provider (IDP)]
* Logout confirmation message from [Identity Provider (IDP)] to [Relying Party]
Note that in hierarchies of [Federated Identity Management] systems, a [Relying Party] of one [Identity Provider (IDP)] may itself be an [Identity Provider (IDP)] to another set of [Relying Party]s, so a logout has to be propagated through each level of the hierarchy.
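The following model of the message kinds above is an added example; it is not code from the original page or from any particular federation product. It contrasts the parallel IdP-to-RP fan-out with a SAML-style sequential chain on the same constructed topology, in which one RP is unreachable and another RP is itself an IdP for two further RPs (all node names and the topology are assumptions):

```javascript
// Added example, not from the original page: a model of IdP-initiated
// logout in a federated hierarchy, contrasting parallel fan-out with a
// SAML-style sequential chain. Node names and the topology are assumed.

// A node is a Relying Party; if it has `downstream` RPs it is also an IdP
// for them. `reachable: false` models an RP whose logout endpoint is down.
function makeNode(id, { reachable = true, downstream = [] } = {}) {
  return { id, reachable, downstream, loggedIn: true };
}

// Deliver one logout request to a node and return its confirmation.
// A reachable node clears its own session and, if it is also an IdP,
// passes the logout on to its own RPs using the same delivery mode.
function logoutNode(node, visited, mode) {
  if (visited.has(node.id)) {          // a node reachable by two paths is told once
    return { from: node.id, ok: true, note: 'already processed' };
  }
  visited.add(node.id);
  if (!node.reachable) {
    return { from: node.id, ok: false, note: 'no response' };
  }
  node.loggedIn = false;                 // RP-side session clean-up
  const downstream = mode === 'parallel'
    ? fanOutParallel(node, visited)
    : fanOutChained(node, visited);
  return { from: node.id, ok: true, downstream };
}

// Parallel delivery (typical for back-channel): every RP is contacted
// independently, so one dead RP does not stop the others being notified.
function fanOutParallel(idp, visited) {
  return idp.downstream.map(rp => logoutNode(rp, visited, 'parallel'));
}

// Chained delivery (front-channel redirect chain): each RP is expected to
// hand the browser on to the next one. If an RP never responds, the chain
// stops there and every RP behind it is never told about the logout.
function fanOutChained(idp, visited) {
  const confirmations = [];
  for (const rp of idp.downstream) {
    const c = logoutNode(rp, visited, 'chained');
    confirmations.push(c);
    if (!c.ok) break;
  }
  return confirmations;
}

// Every node in the tree, each listed once.
function allNodes(node, acc = [], seen = new Set()) {
  if (seen.has(node.id)) return acc;
  seen.add(node.id);
  acc.push(node);
  node.downstream.forEach(d => allNodes(d, acc, seen));
  return acc;
}

// Run an IdP-initiated logout and report which RPs still hold a session.
// That list is what the IdP needs in order to keep those RPs in its
// logged-in list (or warn the user) instead of silently assuming success.
function singleLogout(rootIdp, mode) {
  const result = logoutNode(rootIdp, new Set(), mode);
  const stillLoggedIn = allNodes(rootIdp)
    .filter(n => n.loggedIn).map(n => n.id).sort();
  return { result, stillLoggedIn };
}

// Constructed topology: the root IdP knows rp1, rp2 and rp3; rp2 is
// unreachable, and rp3 is itself an IdP for rp3a and rp3b.
function buildTopology() {
  return makeNode('idp', {
    downstream: [
      makeNode('rp1'),
      makeNode('rp2', { reachable: false }),
      makeNode('rp3', { downstream: [makeNode('rp3a'), makeNode('rp3b')] }),
    ],
  });
}

console.log('parallel:', singleLogout(buildTopology(), 'parallel').stillLoggedIn);
console.log('chained: ', singleLogout(buildTopology(), 'chained').stillLoggedIn);
```

With this topology the parallel fan-out leaves only the unreachable rp2 logged in, while the chained delivery stalls at rp2 and never reaches rp3 or the RPs behind it. The failed confirmations are the information an IdP needs to decide whether to retry, to keep the RP on its logged-in list, or to tell the user that the logout was incomplete.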
!! [Communication] mechanisms for [{$pagename}] messages
* [Browser]-based [message] delivery methods:
** Redirect from [Relying Party] to [Identity Provider (IDP)]
** GET to a [Relying Party] URL loaded in an [iframe]
** GET to a [Relying Party] URL loaded as a tiny/hidden image
** [PostMessage] between [Relying Party] and [Identity Provider (IDP)] frames
** [JavaScript] invocation on [iframe] load
** [iframe]/image load notifications within the [browser]
** Redirect from [Identity Provider (IDP)] to [Relying Party]
** [Redirection] chain initiated at the IdP through all [Relying Party]s to be logged out
* [Back-channel Communication] delivery methods:
** [HTTP GET] or [HTTP POST] from [Identity Provider (IDP)] to [Relying Party]
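As an added example of the [PostMessage] delivery method above (not code from the original page), this is the [Relying Party] side of a front-channel logout frame. The IdP origin, the message shape {type: 'logout', sid} and the storage key names are assumptions. The point it makes is the check a practitioner must not skip: the handler acts only on messages whose origin is the IdP's exact origin, because any page able to embed or open the frame can otherwise post a forged logout.

```javascript
// Added example, not from the original page: the Relying Party side of a
// postMessage-based front-channel logout. The IdP origin, the message shape
// { type: 'logout', sid } and the storage key names are assumptions.

const IDP_ORIGIN = 'https://idp.example';   // assumed; an exact origin, never '*'
const SESSION_KEYS = ['rp_session', 'access_token', 'refresh_token', 'id_token'];

// A minimal Storage-like object so the logic can run outside a browser;
// in the page itself window.localStorage is passed instead.
function makeStorage(entries = {}) {
  const map = new Map(Object.entries(entries));
  return {
    getItem: k => (map.has(k) ? map.get(k) : null),
    removeItem: k => { map.delete(k); },
    length: () => map.size,
  };
}

// Remove every piece of per-session state the RP keeps in browser storage
// and report what was removed. This is the clean-up a server-side logout
// cannot perform on its own: only script running in the page reaches storage.
function clearBrowserState(storage) {
  const removed = SESSION_KEYS.filter(k => storage.getItem(k) !== null);
  removed.forEach(k => storage.removeItem(k));
  return removed;
}

// Handle one `message` event. Returns the confirmation to post back to the
// IdP, or null when the message is ignored. The origin check is the
// security control: without it, any page able to embed or open this frame
// could forge a logout (a denial of service against the user) or learn,
// from the acknowledgement, whether a session exists here.
function handleLogoutMessage(event, storage, idpOrigin = IDP_ORIGIN) {
  if (event.origin !== idpOrigin) return null;
  const msg = event.data;
  if (!msg || msg.type !== 'logout' || typeof msg.sid !== 'string') return null;
  const currentSid = storage.getItem('rp_session');
  if (msg.sid !== currentSid) {
    // Logout for some other session: acknowledge, but leave local state alone.
    return { type: 'logout_ack', sid: msg.sid, cleared: [] };
  }
  return { type: 'logout_ack', sid: msg.sid, cleared: clearBrowserState(storage) };
}

// Browser wiring; skipped when this file runs outside a browser.
if (typeof window !== 'undefined') {
  window.addEventListener('message', event => {
    const ack = handleLogoutMessage(event, window.localStorage);
    // Reply only to the IdP origin, so the ack cannot leak to a bystander frame.
    if (ack && event.source) event.source.postMessage(ack, IDP_ORIGIN);
  });
}
```

The acknowledgement is posted back with the IdP origin as the target, for the same reason the incoming message is checked: a confirmation that says which session was cleared should not be readable by whatever other frame happens to hold a reference to this window.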
!! Possible [state] clean-ups at RPs
* User [Session] [State]
** [Cookies]
** [Browser]-based storage (e.g. [HTML5] [LocalStorage], IndexedDB, etc.)
*** Requires a [JavaScript] notification, since only script running in the page can clear it
* Storage in a native client (platform-specific; no specification covers this)
* [Token Revocation]
** [Access Tokens]
** [Refresh Tokens]
** [Identity Tokens]
!! Possible state clean-ups at IdPs
User [session] [state]
* [Cookies]
* [Tokens]
* Server [database] entries
* List of logged-in [Relying Parties|Relying Party]
!! [{$pagename}] and [Auditing] Information
* IdPs may keep a log of when & where end-users logged in and out
* May be used for service operator [logging] and [auditing]
* May be used by [End-User] to log out undesired [sessions]
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [What Does Logout Mean?|http://self-issued.info/presentations/What_Does_Logout_Mean_Presentation.pdf|target='_blank'] - based on information obtained 2018-03-30-