[OpenID] Feedback from OpenID demo
SitG Admin
sysadmin at shadowsinthegarden.com
Sat May 23 02:26:44 UTC 2009
>If I click logout on Facebook site, I can then just walk away from
>the desktop with the assurance that the session I have with my bank
>(another RP) is also logged out. La La.. time for coffee, since my
>money is obviously now safe. AS is my ebay reputation.
>
>No you cant make that assumption, is what *they* are saying. Even in
>the tighested, most well managed, perfectly best practices
>IDP-controlling federation in the world - you cannot make that leap
>- despite its intuitive validity.
I'd expect to be able to log out of my OP (disabling future logins to
other RP's) without terminating my session at the RP('s) I was
already logged into, which is the only way I see of managing this
effect.
-Shade
More information about the general
mailing list