[security] Logout

[Jacob Bellamy]

Hi,

Are we talking about here some mechanism for RPs to specify a time at which
the user's session with their OP should expire? If they could then a RP
could potentially pick a short expirey time that negatively affects the
user's use of OpenID. The user is also unlikely to know the reason as to why
their sessions are timing out so fast, and would likely think it is a
problem with the provider. Or have I misunderstood the question?

- Jacob.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-security/attachments/20110506/8d76bb6a/attachment.html>