kris at bbridgetech.com
Fri Jul 1 10:26:44 PDT 2005
A common problem that is now arising is that once we have logged on,
how do we effortlessly log-out of each OpenID consumer?
From my response in Once more, LJ valid_to timespan :
> On Level9's WebKit, after we have extended to a site that xyz user is
> logged-in, if xyz user decides to log-out of any Level9 WebKit service
> or <mylevel9.com>, Our servers will go to each site and tell the sites
> that xyz user has logged out. We do this via XMLRPC, but it could
> easily be implemented via http-post. We need a mode that logs users
Mr. Richard Russo's response on the same topic:
> [...] allows plenty of time for me to log out of livejournal, and my
> roomate to get on my computer and use some other site pretending to be
> me. And maybe not even realize it. (If we're friends, and we both go
> to the same meme site because one of our common friends suggested it).
> Since OpenID provides single sign on (effectively), it's not
> unreasonable for users to expect single sign off.
Either way, I think it is time for us to think about Single-Sign-Off.
More information about the yadis