Login Federation
Tatsuya KATSUHARA
t-katsuhara at nri.co.jp
Wed Feb 20 12:24:30 UTC 2008
Thanks!
1st: How to input OpenID implicitly.
2nd: How to SLO from RP/OP(How to notify to RP or OP).
For 1st, you issue site-specific session cookie and notify the value
of *isLoggedin* attribute requested on the last? explicit login from
RP and UA'll get the authenticated session cookie via IMG tag. I think
federationId should include OpenID/iname, or RP get anonymous user's
authenticated session. Do you mention it?
Incidentally, I think it's enough that browser extention feeds OpenID
to the form automatically and start with openid.mode="immedidate".
For 2nd, what you say is good way. In fact SAML2.0 do SingleLogOut
negotiation. To add another word, it would be good to add RP-initiate
logout scenario.
As I said, browser extention acheve to logout automatically. But
SingleLogOut timing should be right unlike SingleSingIn in the view of
security. If any, please let me know good ideas.
In all honesty, I feel this draft is a little tricky, but whether
OpenID that is low-coupled takes SingleSingIn/LogOut into spec or not
is very interesting issue. I would like to know how do subscribers
think...
--
=katsuhara <http://xri.net/=katsuhara>
John Ehn wrote:
> I've posted a Draft 0 version to the OpenID Wiki. Please feel free to
> comment and modify as needed.
>
> http://wiki.openid.net/Federation_Extension
>
> Thanks,
>
> John
>
> On 2/19/08, John Ehn <john at extremeswank.com> wrote:
>> Brett,
>>
>> No formal process. All RFC through the mailing list.
>>
>> Thanks,
>>
>> John
>>
>>
>> On 2/19/08, Brett Carter <brett at rdnzl.net> wrote:
>>> John Ehn wrote:
>>>> Sounds good. I'm working on a draft. Once it's in a readable state,
>>>> I'll post it for comments.
>>>>
>>>> Thanks!
>>> Is there a formal process for submitting a proposal yet? Or are we just
>>> going with RFC format for now?
>>> -Brett
>>>
>>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> specs mailing list
> specs at openid.net
> http://openid.net/mailman/listinfo/specs
More information about the specs
mailing list