Logout
McGovern, James F (HTSC, IT)
James.McGovern at thehartford.com
Fri Apr 6 17:51:10 UTC 2007
I would think that you wouldn't need to track the notion of a session but have something where the selector that tracked where the card was previously sent in terms of a list would allow you to graphically send another event. You could optionally walk a list based on each card.
-----Original Message-----
From: Johannes Ernst [mailto:jernst+openid.net at netmesh.us]
Sent: Friday, April 06, 2007 12:29 PM
To: McGovern, James F (HTSC, IT)
Cc: specs at openid.net
Subject: Re: Logout
So far, neither OpenID nor CardSpace define the notion of a session, so no common logout is possible within the standard protocols.
What we do in our code at NetMesh is to add a convention where
RP-URL?lid=OPENID
is the same thing as "submitted OpenID URL in the first form", to which the RP-URL responds with a redirect to the OP, while
RP-URL?lid=
means "become anonymous again" aka "logout".
There are substantial usability issues with common logout in a decentralized, "internet-scale" approach, however, that nobody has really solved as far as I know.
*************************************************************************
This communication, including attachments, is
for the exclusive use of addressee and may contain proprietary,
confidential and/or privileged information. If you are not the intended
recipient, any use, copying, disclosure, dissemination or distribution is
strictly prohibited. If you are not the intended recipient, please notify
the sender immediately by return e-mail, delete this communication and
destroy all copies.
*************************************************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20070406/8d4623f7/attachment-0002.htm>
More information about the specs
mailing list