w3c-fedid / login-status

A Web Platform API that allows websites to notify the browser about their users' login status
https://w3c-fedid.github.io/login-status/

Clarify "The login status of a cross-origin domain must not be observable by a page itself." #2

Open caraitto opened 11 months ago

caraitto commented 11 months ago

In https://github.com/fedidcg/login-status, it says "The login status of a cross-origin domain must not be observable by a page itself".

I was a little confused about this -- IIUC, does this mean that if I'm on a page with a top level frame of rp1.com, I shouldn't be able to learn that rp2.com is logged in via idp1.com, even if rp1.com is itself logged in via idp1.com (rp being relying party, idp being identity provider)? But, it's OK for rp1.com to know that it's logged in via idp1.com?