March 30th, 2006

  • sasuko

Permanent login (openID) to work only when logged into server

Permanent login (openID) to work only when logged into server

Short, concise description of the idea
Allow the "log me in permanently" option to work only when the person is logged into their openID server

Full description of the idea
Currently, the permanent log in for openID server works whether or not they are logged into their server.

Since people who use openID generally do not save any real information on the sites (except perhaps their URL), it seems like the bulk of the identification is done by the openID server.

If content that is filtered can now be viewed by people as long as they have access to that computer (perhaps through theft), it seems as if the security of both the user (and the people who enable access to that openID user) will be compromised.

If the permanent login works only if the person is logged into their accounts, then this might be more secure. (I have no idea how to phrase it, so let me give an example)

For instance, I've got a livejournal account. If I go visit insanejournal, for example, I could log in using openID (

If the permanent login (on insanejournal) works only if I am currently logged into my livejournal account, then it might make things safer for my friends who are on insanejournal.

An ordered list of benefits
  • Increased security
  • saves typing on entering external sites (rather than having to type your URL each time)

An ordered list of problems/issues involved
  • Requires sites to work together? (No idea; I'm a computer idiot)
  • Might require a lot more coding? (same as above)

An organized list, or a few short paragraphs detailing suggestions for implementation
  • Frankly, I've no idea. Just how does the "permanent login" thing work anyway?