headers
Hans Granqvist | 3 Jul 00:41

Re: [OpenID] OpenID and SSO

Not sure what you argue, sorry. The RP decides when to force re-authentication,
but also lets the user self-logout whenever if it so wishes.

Isn't that is how web sites that use cookies for authentication work today?

On Wed, Jul 2, 2008 at 1:08 PM, SitG Admin
<sysadmin <at> shadowsinthegarden.com> wrote:
>> when needed (a la "Good Morning, Alice. If you are not Alice,
>> click here.")
>
> And if I'm not Alice, but merely have access to her computer?
>
> "Good morning, unknown user. We think you are Alice, and will treat you as
> such unless you, as a potential infiltrator, decide to admit that you
> actually aren't Alice."
>
> -Shade
>
Permalink | Reply |
headers
SitG Admin | 3 Jul 13:02

Re: [OpenID] OpenID and SSO

>Not sure what you argue, sorry. The RP decides when to force 
>re-authentication,

Which is either automatic (with SSO) or not (login required at the 
*RP's* discretion).

>but also lets the user self-logout whenever if it so wishes.

But why would the user do that, if it could break their SSO?

-Shade
Permalink | Reply |

Gmane