[OpenID] Feedback from OpenID demo

[Nate Klingenstein]

Peter,

> The Shib2 academic community (and who would want to argue with them,  
> since they have far more USG/UKG money to spend on websso than all  
> of us folks together are spending on openid)

I can assure you this is not the case for the Shibboleth project  
proper, and though I'm not intimately familiar with the funding  
situation for the national federations, I would still take the wager  
if they were included.

Toss in campus IT budgets and of course we end up in the big leagues,  
but very little of that is R&D.

> assert that SLO is the last thing anyone wants/needs.

I'd also like to clarify this, if I may.  We certainly believe a lot  
of people want it, particularly CIO's -- they tell us as much, after  
all.

We are less convinced they know what SLO entails in a federated  
environment, and we're very wary of leading them to believe it's more  
effective than it really is.  As it's relied upon to clear sessions  
that can be associated with sensitive data or apps, we want them to be  
fully aware of what it can and can't do.

We're also not sure what the user intends when they click logout.  Do  
they intend to log out of this application alone, or do they expect to  
be logged out of the IdP/OP as well?  All other applications they've  
logged into with this ID?  I'm not personally convinced this is such a  
huge issue because users already get a variety of behavior here and  
cope with it fine, but the devs are concerned about it.

You can read more of their thoughts here:

https://spaces.internet2.edu/display/SHIB2/SLOIssues

Take care,
Nate.