Users on Public Computers
Terrell Russell
terrellrussell at gmail.com
Tue Nov 7 16:30:06 UTC 2006
On 6-Nov-06, at 4:41 PM, Joshua Viney wrote:
> One solution to consider would be a global sign-out feature on
> relying party sites that signs users out of their IdP as well.
>
Again I find myself making a suggestion about the browser layer...
Why could the browser (software) not 'know' that the user has a cookie
set for an IdP (has seen a log-in sequence occur, knows the user is
logged-in and now potentially a sitting duck for the type of 'bad user'
scenario mentioned previously) and display something accordingly.
Users don't think of the internet as being modal, but in this case, with
cookies and common logins across sites, it is. If they're carrying
around a cookie that can get them into a variety of sites, they should
be made aware of that, it seems, continuously. Perhaps an OpenID icon
that becomes bold/clearer/orange when 'activated' right up there near
our friend the 'throbber'. An OpenID throbber.
And perhaps interacting with this icon on screen - it would be smart and
know to take you back to the IdP. Allowing you to log out (or anything
else you would do at your IdP).
If there is more than one IdP cookie, the icon presents a list and
allows for selection?
What limitations are here? Why is depending on each OpenID consumer to
implement things 'well' a better option?
Terrell
http://claimID.com
More information about the user-experience
mailing list