Once more, LJ valid_to timespan.
kris at bbridgetech.com
Fri Jul 1 14:52:07 PDT 2005
On 2005/07/01, at 2:28 PM, Carl Howells wrote:
> It seems that the underlying issue with using very low token
> expiration times to implement single signoff is that you are
> essentially creating a polling system to detect signoff. Something
> like that creates a lot of unnecessary traffic, and might be a real
> issue for some higher-use id servers.
> I don't know if there is any real relevance in this discussion at this
> point, since it depends on how the larger debate over this goes. Even
> so, I think a polling approach to single signoff isn't the way to go.
You are right that polling is not the way to go, but instead, why not
just wait until the ID server sends an http-post that tells the
consumer to remove all session info on your user. Of course there would
have to be safeguards in this approach. One being if the ID server is
really the ID server who governs over that id.
I guess it should be said like this: It's debatable on how we're going
to get there, but even still, what's easiest for the user? Easily
logging into everywhere he or she goes and sluggishly going through
many consumer UIs to logout. Or, easily logging in and then logging out
through their ID server, where they are very comfortable with
one UI -- the ID server's UI.
If you think it's a hassle to log-in with many systems, why make it a
hassle to log-out everywhere? OpenID should be a full-circle, complete
solution! This single sign-on only stuff is really silly.
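
[Added example, not part of the original message or of any YADIS/OpenID specification: a sketch of a consumer accepting a pushed logout POST while applying the safeguard mentioned above, that the sender really is the ID server governing that identity. The field names, the HMAC-SHA256 scheme over a secret shared at login, and the 300-second freshness window are all assumptions made for illustration.]

```python
import hashlib
import hmac
import time

MAX_SKEW = 300  # seconds a logout notice stays acceptable (assumed value)
SIGNED_FIELDS = ("identity", "id_server", "timestamp", "nonce")  # hypothetical

def sign_logout(secret, form):
    """MAC over length-prefixed fields, so field boundaries cannot be shifted."""
    msg = "".join(f"{len(form.get(k, ''))}:{form.get(k, '')}," for k in SIGNED_FIELDS)
    return hmac.new(secret, msg.encode(), hashlib.sha256).hexdigest()

class Consumer:
    """Consumer-side session store that accepts pushed logout notices."""

    def __init__(self):
        self.sessions = {}        # identity URL -> (ID server URL, shared secret)
        self.seen_nonces = set()  # (ID server URL, nonce) pairs already used

    def login(self, identity, id_server, secret):
        # Recorded at sign-on: which ID server vouched for this identity.
        self.sessions[identity] = (id_server, secret)

    def handle_logout_post(self, form, now=None):
        """Return True only if the notice was authentic and the session removed."""
        now = time.time() if now is None else now
        entry = self.sessions.get(form.get("identity", ""))
        if entry is None:
            return False
        id_server, secret = entry
        # Safeguard 1: the sender must be the server governing this identity.
        if form.get("id_server") != id_server:
            return False
        # Safeguard 2: the notice must be fresh and must not be a replay.
        try:
            ts = int(form.get("timestamp", ""))
        except ValueError:
            return False
        nonce = form.get("nonce", "")
        if abs(now - ts) > MAX_SKEW or not nonce or (id_server, nonce) in self.seen_nonces:
            return False
        # Safeguard 3: the MAC must verify under the secret from login time.
        expected = sign_logout(secret, form).encode()
        if not hmac.compare_digest(expected, form.get("sig", "").encode()):
            return False
        self.seen_nonces.add((id_server, nonce))
        del self.sessions[form["identity"]]
        return True
```
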