Hi, I would like to know if there is something coming in the specification about the logout/timeout. If I use an external OpenID provider for authentication in my application, how I can be sure, when the user logout (or its session timeout) of my application, its OpenID session will also be invalidated.
Regards, Sylvain Gilbert
_______________________________________________ security mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-security
