<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.6000.16414" name=GENERATOR></HEAD>
<BODY
style="WORD-WRAP: break-word; -khtml-nbsp-mode: space; -khtml-line-break: after-white-space">
<DIV><FONT face=Arial color=#0000ff size=2><SPAN class=834232918-06042007>I
think this means that the Selector MUST implement async firing capability. A
user should not wait nor should this be syncronous. Likewise if a session has
already been logged out, then by "contract" then the RP should simply
ignore.</SPAN></FONT></DIV>
<BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma
size=2>-----Original Message-----<BR><B>From:</B> Johannes Ernst
[mailto:jernst+openid.net@netmesh.us]<BR><B>Sent:</B> Friday, April 06, 2007
2:25 PM<BR><B>To:</B> McGovern, James F (HTSC, IT)<BR><B>Cc:</B>
specs@openid.net<BR><B>Subject:</B> Re: Logout<BR><BR></FONT></DIV>That might
be hard from a usability perspective, and in my experience, the underlying
user requirement tends to be a variation of "I am about to go to lunch with
the guys waiting in the hall way, log me out of all apps I'm currently logged
in but take no more than 10 seconds because otherwise they will leave without
me. Or at least the critical ones." (which is where it gets hard to design
this right) Where sessions come in is that again from a usability perspective,
the user should not have to "log out" from apps that he currently isn't logged
into (because the session expired, for example).
<DIV><BR class=khtml-block-placeholder></DIV>
<DIV><BR>
<DIV>
<DIV>On Apr 6, 2007, at 10:51, McGovern, James F ((HTSC, IT)) wrote:</DIV><BR
class=Apple-interchange-newline>
<BLOCKQUOTE type="cite">
<DIV><FONT face=Arial color=#0000ff size=2><SPAN class=116264817-06042007>I
would think that you wouldn't need to track the notion of a session but have
something where the selector that tracked where the card was previously sent
in terms of a list would allow you to graphically send another event. You
could optionally walk a list based on each card.</SPAN></FONT></DIV>
<BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma
size=2>-----Original Message-----<BR><B>From:</B> Johannes Ernst [<A
href="mailto:jernst+openid.net@netmesh.us">mailto:jernst+openid.net@netmesh.us</A>]<BR><B>Sent:</B>
Friday, April 06, 2007 12:29 PM<BR><B>To:</B> McGovern, James F (HTSC,
IT)<BR><B>Cc:</B> <A
href="mailto:specs@openid.net">specs@openid.net</A><BR><B>Subject:</B> Re:
Logout<BR><BR></FONT></DIV>So far, neither OpenID nor CardSpace define the
notion of a session, so no common logout is possible within the standard
protocols.
<DIV><FONT face=Arial color=#0000ff size=2></FONT><BR
class=khtml-block-placeholder></DIV>
<DIV>What we do in our code at NetMesh is to add a convention where</DIV>
<DIV> RP-URL?lid=OPENID</DIV>
<DIV>is the same thing as "submitted OpenID URL in the first form", to
which the RP-URL responds with a redirect to the OP, while</DIV>
<DIV> RP-URL?lid=</DIV>
<DIV>means "become anonymous again" aka "logout".</DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT><BR
class=khtml-block-placeholder></DIV>
<DIV>There are substantial usability issues with common logout in a
decentralized, "internet-scale" approach, however, that nobody has really
solved as far as I know.</DIV>
<DIV><FONT face=Arial color=#0000ff
size=2></FONT> </DIV></BLOCKQUOTE><FONT
size=3><BR><BR>*************************************************************************<BR>This
communication, including attachments, is<BR>for the exclusive use of
addressee and may contain proprietary,<BR>confidential and/or privileged
information. If you are not the intended<BR>recipient, any use, copying,
disclosure, dissemination or distribution is<BR>strictly prohibited. If you
are not the intended recipient, please notify<BR>the sender immediately by
return e-mail, delete this communication and<BR>destroy all
copies.<BR>*************************************************************************<BR></FONT>
<DIV
style="MARGIN: 0px">_______________________________________________</DIV>
<DIV style="MARGIN: 0px">specs mailing list</DIV>
<DIV style="MARGIN: 0px"><A
href="mailto:specs@openid.net">specs@openid.net</A></DIV>
<DIV style="MARGIN: 0px"><A
href="http://openid.net/mailman/listinfo/specs">http://openid.net/mailman/listinfo/specs</A></DIV></BLOCKQUOTE></DIV><BR></DIV></BLOCKQUOTE></BODY></HTML>