UbiquityProject.com Ubiquitous Computing (20) Technologies (14) Research Bedrock Aquifer MetaServer Talisman Glossary Tasks User Tasks Maintain Account (3) Signon (4) Signoff Local/Global Soft/Hard Service Tasks (12) Realm Tasks (11) Products (11) / UbiquityProject.com / Research / Talisman / Tasks / User Tasks / Signoff Global Single Signoff Once the user has finished using a particular website, finished a browsing session, or finished using the client as a whole, the user must signoff the system. Just as Talisman supports signing on once globally, Talisman supports users signing off the system across all participating websites with one click. This signoff process can take a number of forms. Local vs. Global Signoff The first decision is whether the user is signing off from a single service, or from all services. For signing off a single service, called local signoff, the account provider would contact the individual service provider and assert that the client identified by its unique identifier should no longer be bound to the user account. In the above examples, the Accounts, Inc. account provider could contact eTrade with the message “the client identified by your eTradeID cookie is no longer alice@accountsinc.com.” Alternatively, in the case of global signoff, the account provider would contact all service providers in turn. Soft vs. Hard Signoff The next decision is whether the signoff should be hard or soft. A soft signoff breaks the connection between the user and the service’s client cookie such that the user will need to signon again upon the next visit. However, a soft signoff leaves the cookie in place for future use. If requested, the account provider could reactivate the cookie at any time. For example, Accounts, Inc. could contact eTrade after a soft signoff with the message “the client identified by your eTradeID is once again alice@accountsinc.com.” In this way, users can safely leave a client without fear of other users masquerading in their place, while retaining the ability to easily return in the future. Hard signoffs, on the other hand, instruct the service providers to discontinue use of the client’s cookies. In this way, service providers will reissue new identification cookies upon the next visit as if the client had never visited before. This is slightly inconvenient to the users (as they will have to signon again), but is a bit more secure.