Once more, LJ valid_to timespan.

[Troy Benjegerdes]

On Fri, Jul 01, 2005 at 02:52:07PM -0700, Kristopher Tate wrote:
> On 2005/07/01, at 2:28 PM, Carl Howells wrote: 
> 
> 
> > It seems that the underlying issue with using very low token 
> > expiration times to implement single signoff is that you are 
> > essentially creating a polling system to detect signoff.  Something 
> > like that creates a lot of unnecessary traffic, and might be a real 
> > issue for some higher-use id servers. 
> >  
> > I don't know if there is any real relevance in this discussion at 
> > this point, since it depends on how the larger debate over this 
> > goes.  Even so, I think a polling approach to single signoff isn't 
> > the way to go. 
> > 
> > Carl 
> > 
>  
> You are right that polling is not the way to go, but instead, why not 
> just wait until the ID server sends an http-post that tells the 
> consumer to remove all session info on your user. Of course there would 
> have to be safe-gaurds in this approach. One being if the ID server is 
> really the ID server who governs over that id. 

Polling is going to be the only *secure* way to go.

Users will notice not being able to log-in, and they'll just be
annoyed, and the brokenness will get fixed quickly.

When some dynamic log-out notification method breaks, nobody is going to
notice until some user finds out they are logged in as someone else, and
they will be WAAYY more pissed off. Possibly even to the lawsuit level
of pissed off.

Polling shouldn't be any more overhead than the 4 or 5 http transactions
you are going to serve out to the user anyway.

Also think about this... frequent polling is going to be a great way for
popular openid servers to detect hacking/cracking/spamming attempts.
Someone's going to break the security on some site somewhere.. if
polling is the default, you might have a chance to do something about it
and limit the damage.