[OpenID] OpenID and SSO
Hans Granqvist
hans at granqvist.com
Wed Jul 2 22:41:25 UTC 2008
Not sure what you argue, sorry. The RP decides when to force re-authentication,
but also lets the user self-logout whenever if it so wishes.
Isn't that is how web sites that use cookies for authentication work today?
On Wed, Jul 2, 2008 at 1:08 PM, SitG Admin
<sysadmin at shadowsinthegarden.com> wrote:
>> when needed (a la "Good Morning, Alice. If you are not Alice,
>> click here.")
>
> And if I'm not Alice, but merely have access to her computer?
>
> "Good morning, unknown user. We think you are Alice, and will treat you as
> such unless you, as a potential infiltrator, decide to admit that you
> actually aren't Alice."
>
> -Shade
>
More information about the general
mailing list