[OpenID] Feedback from OpenID demo
SitG Admin
sysadmin at shadowsinthegarden.com
Sun May 24 20:33:54 UTC 2009
>Furthermore, one OP SHOULD NOT know that user has sessions on other
>OPs. By implication, OPx should not know that the user has
>authorized OPy to release user assertions to those RPs bound only to
>OPy. As an axiom, no one RP should know that the current
>user/browser has a view on other RPs.
>
>SLO really only works well in idp-centric trust models,
It may work awkwardly, but here's one possibility:
1) User indicates to RP that they wish to log out. Since the user has
effectively indicated they wish to terminate further services, the RP
isn't much worried about sending the user away; the user *could* have
just closed their window, and still can if the RP doesn't cooperate.
But it wants to conceal from the OP whether *this* user is
authenticated to the RP with other OPs, so it *always* requests that
the OP send the user back to see confirmation of logout, no matter
what.
2) OP presents user with a list of RPs the user is currently good
for, with options to log out of just that RP, or all RPs, and maybe
even individually select which RPs to log out of. The user then
returns to that first RP, with the option of opening up new
windows/tabs for other RPs so *they* can confirm that the user has
logged out; all such referrals suggest checkid_immediate.
3) The first RP, or any other RP, tries checkid_immediate to
*confirm* that the user has been logged out, then displays a report
to the user. If any other OPs for that user are known, the RP then
offers an *option* to log out of *those* OPs, as well.
-Shade
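The three-step flow above as an added Python simulation (my own constructed model, not code from this list or from any OpenID library); the `OP` class, the `single_logout` helper and the session/request bookkeeping are assumptions made to show that the RP's request to the OP carries only the RP's own identity, and that each RP confirms logout through checkid_immediate:

```python
# Constructed simulation of the proposed single-logout flow (not real OpenID code).
from dataclasses import dataclass, field


@dataclass
class OP:
    name: str
    # user -> set of RPs the user is currently "good for" at this OP
    sessions: dict = field(default_factory=dict)
    # every logout request the OP received, to audit what the RP disclosed
    seen_requests: list = field(default_factory=list)

    def logout_page(self, user, rp, choice):
        """Step 2: the OP lists the RPs the user is good for and applies the
        user's choice: 'this' ends only the requesting RP, 'all' ends every
        RP, or an explicit set of RP names. Returns the RPs still live."""
        # The request names only the RP and the user: nothing about other OPs.
        self.seen_requests.append({"rp": rp, "user": user})
        live = self.sessions.setdefault(user, set())
        if choice == "this":
            live.discard(rp)
        elif choice == "all":
            live.clear()
        else:
            live.difference_update(choice)
        return sorted(live)

    def checkid_immediate(self, user, rp):
        """Step 3: an RP asks for an assertion with no user interaction.
        'id_res' means the user is still authenticated for that RP;
        'setup_needed' is the RP's confirmation that logout took effect."""
        return "id_res" if rp in self.sessions.get(user, set()) else "setup_needed"


def single_logout(op, user, requesting_rp, choice, other_rps, other_ops=()):
    """Steps 1-3 from the RP side. Step 1: the RP *always* sends the user to
    the OP, so the redirect itself reveals nothing about other OPs. Step 3:
    each RP confirms via checkid_immediate, and the RP merely *offers* to
    log out of any other OPs it knows about (it does not contact them)."""
    op.logout_page(user, requesting_rp, choice)
    report = {rp: op.checkid_immediate(user, rp) for rp in [requesting_rp, *other_rps]}
    return {"confirmed": report, "offered_op_logout": sorted(other_ops)}
```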