[OpenID] Feedback from OpenID demo
Bill Shupp
hostmaster at shupp.org
Thu May 28 00:53:23 UTC 2009
On May 27, 2009, at 11:22 AM, Luke Shepard wrote:
> Actually, I think that we can accomplish most useful use cases using
> just logout_setup.
>
> An OP can choose to redirect back immediately if it doesn’t want to
> have user interaction. For example, suppose you go to blogger.com
> and are signed in with your google account. If you click “logout”,
> then you are redirected to a www.google.com url, which clears your
> cookies, and then immediately directs you back. However, if Google
> wanted to, it could choose to require some user action. So I like
> logout_setup because it leaves it at the discretion of the provider
> (and ultimately, the user who chooses their provider).
>
This is an interesting idea, leaving the user interaction decision in
the hands of the OP, not the RP. The issue have is the possibility
that the user might think they have logged out of *all* RPs with this
action. If the OP decides to not interact with the end user, it might
reinforce this perception.
What if the OP (interacting with the end user in a popup from a
logout_setup call, for example), in addition to showing the "do you
want to log out of OP x as well?" dialog, also showed a list of
recently authenticated RPs as a reminder of where else they might want
to log out of? For example, "You just logged out of RP x. You
recently logged into RPs y and z as well, don't forget to log out of
those too". myOpenID shows you an activity log when logged in to
their site, and this is the same idea, just presented differently, and
in a logout context, but still from the OP.
Regards,
Bill
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090527/0be625e0/attachment.htm>
More information about the general
mailing list