sign-off:
• First cookie is long lived and keeps the user session
• Second cookie required to perform API calls is short lived and needs to be refreshed using the first cookie
• Signing off from Facebook deletes both cookies
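
The two-cookie scheme described above, modeled server-side as an added example (not code from the original slides or from Facebook). The class name, the TTL values, the in-memory stores and the server-side revocation on sign-off are all assumptions made for illustration.

```python
import secrets
import time

SESSION_TTL = 30 * 24 * 3600  # assumed lifetime of the long-lived session cookie
API_TTL = 15 * 60             # assumed lifetime of the short-lived API cookie


class TwoCookieAuth:
    """Hypothetical server-side model of the two-cookie scheme."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.sessions = {}    # session cookie value -> (user, expiry)
        self.api_tokens = {}  # API cookie value -> (session cookie value, expiry)

    def _session_user(self, sid):
        user, expiry = self.sessions.get(sid, (None, 0))
        return user if expiry > self.clock() else None

    def _retire_api_tokens(self, sid):
        self.api_tokens = {t: v for t, v in self.api_tokens.items() if v[0] != sid}

    def sign_in(self, user):
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = (user, self.clock() + SESSION_TTL)
        return sid, self.refresh(sid)

    def refresh(self, sid):
        """Issue a fresh API cookie; only a live session cookie may do this."""
        if self._session_user(sid) is None:
            return None
        self._retire_api_tokens(sid)  # one live API cookie per session
        token = secrets.token_urlsafe(32)
        self.api_tokens[token] = (sid, self.clock() + API_TTL)
        return token

    def api_call(self, token):
        """Return the user for a valid API cookie, else None."""
        sid, expiry = self.api_tokens.get(token, (None, 0))
        if expiry <= self.clock():
            return None
        return self._session_user(sid)

    def sign_off(self, sid):
        """Invalidate both cookies so neither can be replayed after sign-off."""
        self.sessions.pop(sid, None)
        self._retire_api_tokens(sid)
```

Passing a fake `clock` lets the expiry and refresh paths be exercised without waiting for real time to pass.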
• Easy to implement
• Decentralized
• Only single sign-on
• Hard to implement
• Attribute exchange (CAS 3.0)
• Single sign-off
• Gateway authentication
• openid.sreg and openid.ax
• Single sign-off
• Browser extensions