[OpenID] Feedback from OpenID demo

[Luke Shepard]

> I currently leave the OpenID headers missing from my site, and the OP
> unavailable; if I ever want to log in with OpenID, these can both be
> put back in place just long enough for that.

Let's be realistic. This type of situation does not apply to the majority of the readers of this list, not to mention the rest of the internet.

> If a RP were to check back in again later on, when I had not explicitly commanded it to do
> so (and thus been expecting that, in advance, so I knew to make this
> possible), it would then experience an error.

Then you have chosen not to support checkid_immediate. That's fine, there is competition among providers and some will choose providers that give them more control. But it's not like this is some crazy idea from left field - it is in the spec.

The changes that Bill and I proposed (way back on the thread) are to make it *possible* for an OpenID provider to *offer* its users the ability to have a single signon/signout concept. For example, if Facebook were to become an OpenID provider, it would want to offer that functionality to mirror what is currently available with Facebook Connect.

We're trying to solve this problem: suppose there are some relying parties, some providers, and some users that want to build a single sign in / sign out system. How would they go about doing that using open standards?

That doesn't mean that everyone has to do it. We just want to figure out how we COULD do it for those that wish to support it.

P.S. I'll just pimp my blog again, which has a further description of what I'm trying to achieve with these changes:
http://www.sociallipstick.com/2009/05/logout-the-other-half-of-the-identity-equation/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090526/6a70a3d5/attachment.htm>