Shade,<br><br>You may have just mistyped, but you mentioned "automatically logging me <b>into </b>those RP's..." I'm talking about logout here, not login. And yes, I believe it should be possible and maybe even default for "Logout" at the RP to just log out of that individual web site. Same for an OP. But a "Total logout" link would also be useful.<br>
<br>I guess this still is deceptive, because the best you can do is log the user out of all OpenID RPs... not the RPs that don't do OpenID. So I guess the user is responsible to make sure he logs out of individual web sites anyway.<br>
<br clear="all">--<br>Andrew Arnott<br>"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre<br>
<br><br><div class="gmail_quote">2009/5/23 SitG Admin <span dir="ltr"><<a href="mailto:sysadmin@shadowsinthegarden.com">sysadmin@shadowsinthegarden.com</a>></span><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="im"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
If OpenID is to add single sign-out, it MUST be comprehensive. That is, the OP must coordinate logging the user out of EVERY RP he logged into during that OP's session.<br>
</blockquote>
<br></div>
But here's where I want granularity: SSO is supposed to make things *easier*, not make some things IMPOSSIBLE.<br>
<br>
If the OP is like a proxy saying "I will automatically log you into whatever RP you have previously approved.", it should logically be possible for me to disable that SSO functionality so it STOPS automatically logging me into those RP's, *without* completely terminating my internet connection by turning off the proxy entirely (i.e., killing my sessions at the RP's I *want* to continue interacting with).<br>
<br>
-Shade<br>
</blockquote></div><br>