+1. I would expect this, not because I'd necessarily want it. If I log out of my RP and indicate I want to log out of my OP as well, it's because I'm giving up control of a computer (whether temporarily or permanently is irrelevant). I want ALL web sites to be logged out. With the simplest single-sign-out implementation of "the RP does a signout_setup or signout_immediate" to the OP, the only thing you're going to get is signed out of the OP. <i>That's not enough, and is deceptive to the user</i>. That would be worse than nothing at all. It gives the allusion to the user that he is fully logged out but he is not logged out of any other RP the OP may have logged the user into. <br>
<br>If OpenID is to add single sign-out, it MUST be comprehensive. That is, the OP must coordinate logging the user out of EVERY RP he logged into during that OP's session.<br clear="all">--<br>Andrew Arnott<br>"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre<br>
<br><br><div class="gmail_quote">2009/5/22 SitG Admin <span dir="ltr"><<a href="mailto:sysadmin@shadowsinthegarden.com">sysadmin@shadowsinthegarden.com</a>></span><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="im"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
If I click logout on Facebook site, I can then just walk away from the desktop with the assurance that the session I have with my bank (another RP) is also logged out. La La.. time for coffee, since my money is obviously now safe. AS is my ebay reputation.<br>
<br>
No you cant make that assumption, is what *they* are saying. Even in the tighested, most well managed, perfectly best practices IDP-controlling federation in the world - you cannot make that leap - despite its intuitive validity.<br>
</blockquote>
<br></div>
I'd expect to be able to log out of my OP (disabling future logins to other RP's) without terminating my session at the RP('s) I was already logged into, which is the only way I see of managing this effect.<br>
<br>
-Shade<div><div></div><div class="h5"><br>
_______________________________________________<br>
general mailing list<br>
<a href="mailto:general@openid.net" target="_blank">general@openid.net</a><br>
<a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
</div></div></blockquote></div><br>