Comments on: Logout: the other half of the identity equation http://www.sociallipstick.com/?p=189 Just slap it on. Mon, 06 Sep 2010 09:41:10 +0000 http://wordpress.org/?v=2.7-hemorrhage hourly 1 By: bulldog http://www.sociallipstick.com/?p=189#comment-2199 bulldog Mon, 30 Aug 2010 02:07:03 +0000 http://www.sociallipstick.com/?p=189#comment-2199 <strong> bulldog http://jmp3cwvu.AWESOMEBABYCLOTHES.INFO/tag/for+Adoption+bulldog+Bulldog/ : Bulldog...</strong> Bulldog... bulldog http://jmp3cwvu.AWESOMEBABYCLOTHES.INFO/tag/for+Adoption+bulldog+Bulldog/ : Bulldog…

Bulldog…

]]> By: BOBBY http://www.sociallipstick.com/?p=189#comment-2184 BOBBY Fri, 02 Jul 2010 04:35:29 +0000 http://www.sociallipstick.com/?p=189#comment-2184 <strong><blockquote><a href="http://pillspot.org/" rel="nofollow">Pillspot.org. Canadian Health&Care.No prescription online pharmacy.Special Internet Prices.Best quality drugs. High quality pills. Buy pills online</a>...</strong> Buy:Seroquel.Lipothin.Buspar.Zocor.Wellbutrin SR.Prozac.Advair.Benicar.Female Pink Viagra.SleepWell.Nymphomax.Amoxicillin.Lipitor.Cozaar.Ventolin.Female Cialis.Acomplia.Lasix.Zetia.Aricept....
Pillspot.org. Canadian Health&Care.No prescription online pharmacy.Special Internet Prices.Best quality drugs. High quality pills. Buy pills online

Buy:Seroquel.Lipothin.Buspar.Zocor.Wellbutrin SR.Prozac.Advair.Benicar.Female Pink Viagra.SleepWell.Nymphomax.Amoxicillin.Lipitor.Cozaar.Ventolin.Female Cialis.Acomplia.Lasix.Zetia.Aricept….

]]> By: Facebook User http://www.sociallipstick.com/?p=189#comment-2081 Facebook User Fri, 17 Jul 2009 03:47:39 +0000 http://www.sociallipstick.com/?p=189#comment-2081 I read your post on the fb dev forum on single-sign on, and responded there. Now that I've this post on why only option 3 makes sense, I have more to add. First of all, I think you your P and Q are wrong. It just isn't true that being logged in on fb makes you logged in at the Run Around. Logging in to the Run Around doesn't actually happen until you first _arrive_ there. Here's how I see it: If you are logged in to a provider, then you can log in at a relying party. The contra-positive of this is If you cannot log in at a relying party, you are not logged in to a provider. This statement doesn't tell us anything about how logging out should work. Ultimately, what we should be asking ourselves is What do users want? While this is best answered by conducting a survey, I'm going to argue for not logging out at the provider (option 2). If you're at the Run Around, and you start clicking links and buttons, you will pretty much expect your actions will only affect things on the Run Around, except for things that explicitly have to do with fb (like posting stories to your news feed). This includes the "log out" link; it should only log you out of the Run Around. Suppose we want to be absolutely clear to the user about what the log out link does. We might change the text to say "log out of the Run Around and log out of Facebook". Aside from being an eyeful, the user is going to wonder, "How can I just log out of the Run Around? I'm not done doing stuff on fb!". You see, it makes perfect sense to the user that he can be logged out of the Run Around while he is logged in at fb. I read your post on the fb dev forum on single-sign on, and responded there. Now that I’ve this post on why only option 3 makes sense, I have more to add. First of all, I think you your P and Q are wrong. It just isn’t true that being logged in on fb makes you logged in at the Run Around. Logging in to the Run Around doesn’t actually happen until you first _arrive_ there.

Here’s how I see it:

If you are logged in to a provider, then you can log in at a relying party.

The contra-positive of this is

If you cannot log in at a relying party, you are not logged in to a provider.

This statement doesn’t tell us anything about how logging out should work.

Ultimately, what we should be asking ourselves is What do users want? While this is best answered by conducting a survey, I’m going to argue for not logging out at the provider (option 2). If you’re at the Run Around, and you start clicking links and buttons, you will pretty much expect your actions will only affect things on the Run Around, except for things that explicitly have to do with fb (like posting stories to your news feed). This includes the “log out” link; it should only log you out of the Run Around.

Suppose we want to be absolutely clear to the user about what the log out link does. We might change the text to say “log out of the Run Around and log out of Facebook”. Aside from being an eyeful, the user is going to wonder, “How can I just log out of the Run Around? I’m not done doing stuff on fb!”. You see, it makes perfect sense to the user that he can be logged out of the Run Around while he is logged in at fb.

]]> By: Facebook’s transparent use of OpenID | ../learninglab/joss http://www.sociallipstick.com/?p=189#comment-2075 Facebook’s transparent use of OpenID | ../learninglab/joss Tue, 16 Jun 2009 10:50:58 +0000 http://www.sociallipstick.com/?p=189#comment-2075 [...] know of three important blog posts about Facebook’s use of OpenID, two from Luke Shepard, the principle developer of OpenID on Facebook and another from Simon Willison. A month before [...] [...] know of three important blog posts about Facebook’s use of OpenID, two from Luke Shepard, the principle developer of OpenID on Facebook and another from Simon Willison. A month before [...]

]]> By: Michael Malone http://www.sociallipstick.com/?p=189#comment-2060 Michael Malone Fri, 22 May 2009 21:05:15 +0000 http://www.sociallipstick.com/?p=189#comment-2060 Luke, totally agree with you, you're dead on with this one. In addition to UX, I think single sign-out is necessary for security. Think about when people typically log out of a service. It's usually when they're on someone else's machine or on a public terminal. If I use Facebook Connect to log into your blog and post a comment I'm creating a session authenticating me on Facebook. It's misleading and potentially dangerous if you don't destroy that session when I logout. The next person to sit down at that machine and visit Facebook will be logged into my account. How is this handled with the non single sign-on OpenID flow? If I log into a third-party site using Google I'm going to have to log into / create a session on Google. It's probably not clear to the average user that, in order to log out, they'll need to return to Google and log out there in addition to logging out on the third party site... So there may even be an argument to support single sign-out even for sites that don't support single sign-in... Luke, totally agree with you, you’re dead on with this one. In addition to UX, I think single sign-out is necessary for security. Think about when people typically log out of a service. It’s usually when they’re on someone else’s machine or on a public terminal. If I use Facebook Connect to log into your blog and post a comment I’m creating a session authenticating me on Facebook. It’s misleading and potentially dangerous if you don’t destroy that session when I logout. The next person to sit down at that machine and visit Facebook will be logged into my account.

How is this handled with the non single sign-on OpenID flow? If I log into a third-party site using Google I’m going to have to log into / create a session on Google. It’s probably not clear to the average user that, in order to log out, they’ll need to return to Google and log out there in addition to logging out on the third party site… So there may even be an argument to support single sign-out even for sites that don’t support single sign-in…

]]> By: Luke Shepard http://www.sociallipstick.com/?p=189#comment-2059 Luke Shepard Fri, 22 May 2009 20:49:04 +0000 http://www.sociallipstick.com/?p=189#comment-2059 Hey Joe! Oh yeah I totally forgot to mention that you could just try it out here. So yeah, it works like you'd expect. Facebook Connect just uses your Facebook session -there's no difference. Hey Joe! Oh yeah I totally forgot to mention that you could just try it out here. So yeah, it works like you’d expect. Facebook Connect just uses your Facebook session -there’s no difference.

]]> By: Facebook User http://www.sociallipstick.com/?p=189#comment-2058 Facebook User Fri, 22 May 2009 20:04:53 +0000 http://www.sociallipstick.com/?p=189#comment-2058 Cool stuff. And I think I've got this figured out. I used Facebook Connect here, at Social Lipstick. I've tried logging in and out, and I see that logging out here logs me out of Facebook (as you explained above). Is there a way I can log out of Facebook Connect at Social Lipstick? Cool stuff.

And I think I’ve got this figured out. I used Facebook Connect here, at Social Lipstick. I’ve tried logging in and out, and I see that logging out here logs me out of Facebook (as you explained above). Is there a way I can log out of Facebook Connect at Social Lipstick?

]]>