<HTML><BODY style="word-wrap: break-word; -khtml-nbsp-mode: space; -khtml-line-break: after-white-space; ">That might be hard from a usability perspective, and in my experience, the underlying user requirement tends to be a variation of "I am about to go to lunch with the guys waiting in the hall way, log me out of all apps I'm currently logged in but take no more than 10 seconds because otherwise they will leave without me. Or at least the critical ones." (which is where it gets hard to design this right) Where sessions come in is that again from a usability perspective, the user should not have to "log out" from apps that he currently isn't logged into (because the session expired, for example).<DIV><BR class="khtml-block-placeholder"></DIV><DIV><BR><DIV><DIV>On Apr 6, 2007, at 10:51, McGovern, James F ((HTSC, IT)) wrote:</DIV><BR class="Apple-interchange-newline"><BLOCKQUOTE type="cite"> <DIV><FONT face="Arial" color="#0000ff" size="2"><SPAN class="116264817-06042007">I would think that you wouldn't need to track the notion of a session but have something where the selector that tracked where the card was previously sent in terms of a list would allow you to graphically send another event. You could optionally walk a list based on each card.</SPAN></FONT></DIV> <BLOCKQUOTE dir="ltr" style="MARGIN-RIGHT: 0px"> <DIV class="OutlookMessageHeader" dir="ltr" align="left"><FONT face="Tahoma" size="2">-----Original Message-----<BR><B>From:</B> Johannes Ernst [<A href="mailto:jernst+openid.net@netmesh.us">mailto:jernst+openid.net@netmesh.us</A>]<BR><B>Sent:</B> Friday, April 06, 2007 12:29 PM<BR><B>To:</B> McGovern, James F (HTSC, IT)<BR><B>Cc:</B> <A href="mailto:specs@openid.net">specs@openid.net</A><BR><B>Subject:</B> Re: Logout<BR><BR></FONT></DIV>So far, neither OpenID nor CardSpace define the notion of a session, so no common logout is possible within the standard protocols. <DIV><FONT face="Arial" color="#0000ff" size="2"></FONT><BR class="khtml-block-placeholder"></DIV> <DIV>What we do in our code at NetMesh is to add a convention where</DIV> <DIV> RP-URL?lid=OPENID</DIV> <DIV>is the same thing as "submitted OpenID URL in the first form", to which the RP-URL responds with a redirect to the OP, while</DIV> <DIV> RP-URL?lid=</DIV> <DIV>means "become anonymous again" aka "logout".</DIV> <DIV><FONT face="Arial" color="#0000ff" size="2"></FONT><BR class="khtml-block-placeholder"></DIV> <DIV>There are substantial usability issues with common logout in a decentralized, "internet-scale" approach, however, that nobody has really solved as far as I know.</DIV> <DIV><FONT face="Arial" color="#0000ff" size="2"></FONT> </DIV></BLOCKQUOTE><FONT size="3"><BR> <BR> *************************************************************************<BR> This communication, including attachments, is<BR> for the exclusive use of addressee and may contain proprietary,<BR> confidential and/or privileged information. If you are not the intended<BR> recipient, any use, copying, disclosure, dissemination or distribution is<BR> strictly prohibited. If you are not the intended recipient, please notify<BR> the sender immediately by return e-mail, delete this communication and<BR> destroy all copies.<BR> *************************************************************************<BR> </FONT><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">_______________________________________________</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">specs mailing list</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><A href="mailto:specs@openid.net">specs@openid.net</A></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><A href="http://openid.net/mailman/listinfo/specs">http://openid.net/mailman/listinfo/specs</A></DIV> </BLOCKQUOTE></DIV><BR></DIV></BODY></HTML>