[OpenID] Feedback from OpenID demo
Andrew Arnott
andrewarnott at gmail.com
Sat May 23 19:36:50 UTC 2009
+1. I would expect this, not because I'd necessarily want it. If I log out
of my RP and indicate I want to log out of my OP as well, it's because I'm
giving up control of a computer (whether temporarily or permanently is
irrelevant). I want ALL web sites to be logged out. With the simplest
single-sign-out implementation of "the RP does a signout_setup or
signout_immediate" to the OP, the only thing you're going to get is signed
out of the OP. *That's not enough, and is deceptive to the user*. That
would be worse than nothing at all. It gives the illusion to the user that
he is fully logged out but he is not logged out of any other RP the OP may
have logged the user into.
If OpenID is to add single sign-out, it MUST be comprehensive. That is, the
OP must coordinate logging the user out of EVERY RP he logged into during
that OP's session.
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - S. G. Tallentyre
2009/5/22 SitG Admin <sysadmin at shadowsinthegarden.com>
>> If I click logout on Facebook site, I can then just walk away from the
>> desktop with the assurance that the session I have with my bank (another RP)
>> is also logged out. La La.. time for coffee, since my money is obviously
>> now safe. As is my eBay reputation.
>>
>> No, you can't make that assumption, is what *they* are saying. Even in the
>> tightest, most well managed, perfectly best practices IDP-controlling
>> federation in the world - you cannot make that leap - despite its intuitive
>> validity.
>>
>
> I'd expect to be able to log out of my OP (disabling future logins to other
> RP's) without terminating my session at the RP('s) I was already logged
> into, which is the only way I see of managing this effect.
>
> -Shade