<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Yes, definitely thanks for the feedback! It's really useful in helping to figure out where to focus the community driven technical efforts.<div><br></div><div>Does Digg see these things as blockers to being able to support OpenID or nice to haves?</div><div><br></div><div>--David</div><div><br><div><div>On May 22, 2009, at 12:16 PM, Luke Shepard wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div> <font face="Calibri, Verdana, Helvetica, Arial"><span style="font-size:11pt">That’s really good feedback, thanks for sending Bill.<br> <br> I just published a blog post exploring these issues. Bill already summarized the ideas, but for a flushed out description, check it out:<br> <br> <a href="http://www.sociallipstick.com/2009/05/logout-the-other-half-of-the-identity-equation/">http://www.sociallipstick.com/2009/05/logout-the-other-half-of-the-identity-equation/</a><br> <br> On 5/22/09 9:47 AM, "Bill Shupp" <<a href="hostmaster@shupp.org">hostmaster@shupp.org</a>> wrote:<br> <br> </span></font><blockquote><font face="Calibri, Verdana, Helvetica, Arial"><span style="font-size:11pt">I did a quick internal OpenID demo here at Digg yesterday, and thought <br> I'd share the feedback here.<br> <br> There were about 20 people there, of which maybe 3 had used OpenID. <br> Some people were not technical, though most were. Featured in the <br> demo were Plaxo and Facebook for RPs, and Google and MyOpenID as OPs. <br> The feedback was not terribly positive, and the criticisms focused on <br> two areas:<br> <br> 1) Lack of Single Sign Out in the protocol<br> 2) "Automatic Login", as implemented currently at Facebook<br> <br> Obviously, #2 really highlighted #1. People thought that login should <br> be an explicit action, not automatic. When discussing #1, I mentioned <br> an idea that Luke Shepard shared this week at IIW, of adding <br> "logout_setup" and "logout_immediate" to the protocol. The idea being <br> that if you click logout on the RP, it could send a "logout_setup" to <br> the OP, which would trigger a popup asking if you also want to logout <br> of the OP as well. This idea got a pretty favorable response, and <br> seemed to satisfy some of those concerned with the Single Sign Out <br> issue. "logout_immediate" could behave similar to <br> "checkid_immediate", where the logout is performed without user <br> interaction, and might be favored by higher value RPs like mint.com or <br> the like. Obviously, there's room for RP abuse here, though.<br> <br> Cheers,<br> <br> Bill Shupp<br> _______________________________________________<br> general mailing list<br> <a href="general@openid.net">general@openid.net</a><br> <a href="http://openid.net/mailman/listinfo/general">http://openid.net/mailman/listinfo/general</a><br> <br> </span></font></blockquote> </div> _______________________________________________<br>general mailing list<br><a href="mailto:general@openid.net">general@openid.net</a><br>http://openid.net/mailman/listinfo/general<br></blockquote></div><br></div></body></html>