Once more, LJ valid_to timespan.

Kristopher Tate kris at bbridgetech.com
Fri Jul 1 14:52:07 PDT 2005


On 2005/07/01, at 2:28 PM, Carl Howells wrote:

> It seems that the underlying issue with using very low token 
> expiration times to implement single signoff is that you are 
> essentially creating a polling system to detect signoff.  Something 
> like that creates a lot of unnecessary traffic, and might be a real 
> issue for some higher-use id servers.
>
> I don't know if there is any real relevance in this discussion at this 
> point, since it depends on how the larger debate over this goes.  Even 
> so, I think a polling approach to single signoff isn't the way to go.
>
> Carl

You are right that polling is not the way to go, but instead, why not 
just wait until the ID server sends an http-post that tells the 
consumer to remove all session info on your user. Of course there would 
have to be safeguards in this approach. One being if the ID server is 
really the ID server who governs over that id.

I guess it should be said like this: It's debatable on how we're going 
to get there, but even still, what's easiest for the user? Easily 
logging into everywhere he or she goes and sluggishly going through 
many consumer UIs to logout. Or, easily logging in and then logging out 
through their ID server, where they are very comfortable with 
one UI -- the ID server's UI.

If you think it's a hassle to log-in with many systems, why make it a 
hassle to log-out everywhere? OpenID should be a full-circle, complete 
solution! This single sign-on only stuff is really silly.

-Kris
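
One way a consumer could check that a logout POST really comes from the ID server that governs the identity, as an added example that is not part of the original message or of any Yadis/OpenID specification. The form field names, the HMAC shared secret recorded at login, and the nonce/timestamp replay check are all assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Constructed sample state: what the consumer recorded when each user logged in.
# identity URL -> (ID server that vouched for it, secret shared with that server)
ASSOCIATIONS = {
    "http://example.com/users/alice": ("https://id.example.net/", b"constructed-secret-1"),
    "http://example.com/users/bob": ("https://id.example.org/", b"constructed-secret-2"),
}
SESSIONS = {  # session id -> identity URL (constructed)
    "s1": "http://example.com/users/alice",
    "s2": "http://example.com/users/alice",
    "s3": "http://example.com/users/bob",
}
SEEN_NONCES = set()
MAX_SKEW = 300  # seconds a logout notice stays acceptable (assumed policy)

def sign(secret, identity, server, issued_at, nonce):
    """HMAC over the notice fields (hypothetical wire format)."""
    msg = "\n".join([identity, server, str(issued_at), nonce]).encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

def handle_logout_post(form, now=None):
    """Drop all sessions for form['identity']; return how many were removed."""
    now = time.time() if now is None else now
    identity = form.get("identity", "")
    server = form.get("id_server", "")
    nonce = form.get("nonce", "")
    try:
        issued_at = int(form.get("issued_at", ""))
    except ValueError:
        return 0
    assoc = ASSOCIATIONS.get(identity)
    # The claimed server must be the one that governs this identity here.
    if assoc is None or assoc[0] != server:
        return 0
    # Only that server knows the secret, so only it can produce the signature.
    expected = sign(assoc[1], identity, server, issued_at, nonce)
    if not hmac.compare_digest(expected.encode(), form.get("sig", "").encode()):
        return 0
    # Reject stale or replayed notices.
    if abs(now - issued_at) > MAX_SKEW or nonce in SEEN_NONCES:
        return 0
    SEEN_NONCES.add(nonce)
    doomed = [sid for sid, ident in SESSIONS.items() if ident == identity]
    for sid in doomed:
        del SESSIONS[sid]
    return len(doomed)
```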