<div>This can be pretty easily done by piggy-backing on the Attribute Exchange extension. Have your OpenID Provider store an "IsLoggedIn" variable. When the value is updated, the OpenID Provider can update all the websites subscribing to the value.</div>
<div> </div>
<div>The tricky part is having the web browser be automatically identifiable from all of these supported sites. My first thought would be:</div>
<div> </div>
<div>* Store and send out the value of the IsLoggedIn variable to all the websites</div>
<div>* Give the browser multiple session cookies that are visible from each of the websites that the value was sent to, which contain a hash of the value plus the website URL.</div>
<div>* When the website sees the cookie, it can take the cookie, generate and compare the hash. If the hashes match, automatically do an OpenID login</div>
<div>* When the user logs out at the OpenID Provider, AX will update all subscribing websites, thereby logging the user out of all sites</div>
<div> </div>
<div>Although, I believe most web browsers won't let you store cookies that are visible from multiple sites. Perhaps someone more familiar with these mechanics can chip in? Maybe somehow detect the web browser's "signature" without involving any functionality in the browser itself?</div>
<div> </div>
<div>Thanks,</div>
<div> </div>
<div>John Ehn</div>
<div><a href="http://extremeswank.com">extremeswank.com</a><br> </div>
<div><span class="gmail_quote">On 2/18/08, <b class="gmail_sendername">Martin Paljak</b> <<a href="mailto:martin@paljak.pri.ee">martin@paljak.pri.ee</a>> wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid"><br>On Feb 18, 2008, at 5:11 PM, McGovern, James F (HTSC, IT) wrote:<br>> Likewise, I would think that for automatic signon, it would be a good<br>
> thing if the OpenID provider could tell the relying party how long to<br>> leave an otherwise idle session open before timing it out. Not sure if<br>> this would require an extension or not.<br><br>expires_in from <a href="http://openid.net/specs/openid-authentication-2_0.html#anchor20">http://openid.net/specs/openid-authentication-2_0.html#anchor20</a><br>
should do exactly this.<br><br>m.<br>--<br>Martin Paljak<br><a href="http://martin.paljak.pri.ee">http://martin.paljak.pri.ee</a><br>+3725156495<br></blockquote></div><br>
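Added example, not part of the original messages: a website-side check for the per-site cookie proposed in the list above (a hash of the IsLoggedIn value plus the website URL). It swaps the bare hash for HMAC-SHA256 keyed with a secret shared between the OpenID Provider and the website, which is an assumption because the thread names no key, and an unkeyed hash of known inputs can be recomputed by anyone. Function names and sample values are hypothetical.

```python
import hashlib
import hmac


def make_cookie(secret: bytes, site_url: str, is_logged_in: bool) -> str:
    """Provider side: token binding the IsLoggedIn value to one website URL."""
    value = b"1" if is_logged_in else b"0"
    url = site_url.encode("utf-8")
    # Length-prefix the URL so different (value, URL) pairs never serialize alike.
    msg = value + len(url).to_bytes(4, "big") + url
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def check_cookie(secret: bytes, site_url: str, stored_value: bool, cookie: str) -> bool:
    """Website side: regenerate the hash from the pushed value and compare."""
    if not stored_value:
        # The provider pushed a logout; no cookie may trigger an automatic login.
        return False
    expected = make_cookie(secret, site_url, True)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode("utf-8"), cookie.encode("utf-8"))


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    secret = b"constructed-shared-secret"
    site_a = "https://rp-a.example/"
    site_b = "https://rp-b.example/"

    cookie = make_cookie(secret, site_a, True)
    print("site A, logged in :", check_cookie(secret, site_a, True, cookie))
    print("site B, same cookie:", check_cookie(secret, site_b, True, cookie))
    print("site A, after logout:", check_cookie(secret, site_a, False, cookie))
```

Because the URL is part of the keyed input, a cookie issued for one website does not validate at another, and the stored value pushed by the provider stays authoritative once it flips to logged out.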