[OpenID] Logout Use Case
SitG Admin
sysadmin at shadowsinthegarden.com
Sat Oct 3 04:06:57 UTC 2009
>I don't understand how you can use an OP to log into an RP without
>the OP being aware that it's sending that assertion.
Sure. But if you're using OP1 *and* OP2 to login at RP3 (say, via
MultiAuth), then the user should be able to keep OP1 and OP2 unaware
of each other; so, when RP4 (which only knows the user through OP1)
tells the user to logout from all of OP1's sessions, it can only send
the user to OP1; will OP1 also send the user to all the RP's it
knows, just in case any of them is currently using MultiAuth with the
user?
-Shade
More information about the general
mailing list