OpenID Single-Sign-Off

Kristopher Tate kris at
Fri Jul 1 16:46:25 PDT 2005

Kurt, It makes even _more_ sense because it's on the Internet.

The Internet is much bigger, and definitely less secure than a LAN. 
This makes SSO protocols have to think about everything, from end to 

All of us want OpenID to be as light as possible, but honestly, I don't 
know if it's safe to just allow users to go out there unaware if they 
are logged in or out of any consumer. There are forgetful people who 
use public computers frequently, people who might forget to logout of a 
site, and trust that everything will be okay.

If we are never going to propose or accept a single sign-off mode, then 
atleast we need standards/guidelines written in the spec explaining 
good practices for both ID servers and consumers to deal with session 


On 2005/07/01, at 4:34 PM, Kurt Raschke wrote:
> However, given that OpenID producers and consumers are on the 
> Internet, and operated by various entities with various security 
> policies in terms of session time-out and such, I'm not sure that it 
> makes sense in this case.
> Is there something here I'm not seeing?
> -Kurt

More information about the yadis mailing list