logout and misc Qs --shib idp

Peter Schober peter.schober at univie.ac.at
Mon Nov 5 17:51:03 EST 2012

* David Langenberg <davel at uchicago.edu> [2012-11-05 23:35]:
> Two problems with the above scenarios.  The kiosk problem wave-off
> naively assumes that those running the shibboleth service have the
> ability to directly and strongly influence configuration of said
> kiosks.  Now, granted, for kiosks managed by central IT, yes, piece of
> cake.  For kiosks managed by other entities around campus though, the
> best we can do is ask nicely and the results are always piecemeal.

Someone is unhappy with those kiosks (in the position I've described
the kiosk needs fixing, not every webapp and/or IdP in the
world). "Motivation" to change should be directed to those responsible
for these machines.

> The internet cafe problem you also can't just hand-wave away.  Yes, in
> much of the world it's not a problem to BYOD, however, there is still
> a not-insignificant population of users out there who when working in
> the field in some 3rd world area need to occasionally access
> enterprise resources with enterprise credentials from an un-trustable
> computer.

I didn't say it's not a problem. I said you've got much larger
problems to worry about than SLO then, e.g. key loggers.
(Unless you deployed OTP systems which also work under these
conditions, maybe.)

