Then I return to "Why doesn't the RP know which OP sent the assertion?" In Peter's scenario the RP forgets all OpenID state regarding which OP sent the assertion because it wasn't needed any more. But doesn't wanting to log the user out of the OP suggest that it <i>is</i> needed? Saying "I can't do that because I forgot the details since I didn't need them any more" is a self-contradicting statement. If you need them for log off, don't forget them. :)<br>
<br clear="all">--<br>Andrew Arnott<br>"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre<br>
<br><br><div class="gmail_quote">2009/5/14 SitG Admin <span dir="ltr">&lt;<a href="mailto:sysadmin@shadowsinthegarden.com">sysadmin@shadowsinthegarden.com</a>&gt;</span><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="im"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Peter, the claimed identifier which the RP associates with the local<br>
user account is the same for every login regardless of which OP in the<br>
xrds is selected to authenticate the user. You seemed to say that if<br>
OP #3 was selected the RP might not recognize the asserted user but<br>
the selected OP should be irrelevant. Or am I misunderstanding you?<br>
</blockquote>
<br></div>
My understanding (which may be wrong) is that, if an XRDS file lists several OPs, the RP might select one for logout that had not been aware the user was logged into that RP, because the user had been logged in with another.<br>
<br>
-Shade<br>
</blockquote></div><br>