[OpenID] Feedback from OpenID demo

[Luke Shepard]

That's really good feedback, thanks for sending Bill.

I just published a blog post exploring these issues. Bill already summarized the ideas, but for a flushed out description, check it out:

http://www.sociallipstick.com/2009/05/logout-the-other-half-of-the-identity-equation/

On 5/22/09 9:47 AM, "Bill Shupp" <hostmaster at shupp.org> wrote:

I did a quick internal OpenID demo here at Digg yesterday, and thought
I'd share the feedback here.

There were about 20 people there, of which maybe 3 had used OpenID.
Some people were not technical, though most were.  Featured in the
demo were Plaxo and Facebook for RPs, and Google and MyOpenID as OPs.
The feedback was not terribly positive, and the criticisms focused on
two areas:

1) Lack of Single Sign Out in the protocol
2) "Automatic Login", as implemented currently at Facebook

Obviously, #2 really highlighted #1.  People thought that login should
be an explicit action, not automatic.  When discussing #1, I mentioned
an idea that Luke Shepard shared this week at IIW, of adding
"logout_setup" and "logout_immediate" to the protocol.  The idea being
that if you click logout on the RP, it could send a "logout_setup" to
the OP, which would trigger a popup asking if you also want to logout
of the OP as well.  This idea got a pretty favorable response, and
seemed to satisfy some of those concerned with the Single Sign Out
issue.  "logout_immediate" could behave similar to
"checkid_immediate", where the logout is performed without user
interaction, and might be favored by higher value RPs like mint.com or
the like.  Obviously, there's room for RP abuse here, though.

Cheers,

Bill Shupp
_______________________________________________
general mailing list
general at openid.net
http://openid.net/mailman/listinfo/general

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090522/e75c9d23/attachment.htm>