Minutes From Meeting Today

David Strauss mailinglists at fourkitchens.com
Sat Jun 24 15:46:38 UTC 2006


Dick Hardt wrote:
> Since the user logs in to each site separately, and given the issues
> above and other that I don't recall, we concluded that Single Sign Off
> was tough to implement and did not provide much if any value.

What about a server-side, backend signoff facility? Sites, when sending
the user to the OpenID server for signon, can send how long their local
signon session lasts. That way, the OpenID server can track which sites
are still signed on.

The user can then view on his or her OpenID server what sites are signed
on. Individual sites on the list could have a signoff button next to
them, and there could be one big "sign off all" button. That would solve
any user confusion.

Using the same return_url that the OpenID server submits user
verification to, the server could make a GET signoff request that the
consuming site can use to find and invalidate the session.

There would be no issue with cookie reloading or cross-browser
compatibility because the invalidation would be in the OpenID consumer
database, not in the session-tracking cookie.

David Strauss
Four Kitchen Studios, LLC
GetOpenID.com


More information about the yadis mailing list