[Openid-specs-ab] Browser Interactions STC - Meeting Notes - 2021-06-30

David Waite david at alkaline-solutions.com
Mon Jul 5 23:10:23 UTC 2021

(Speaking as someone who has always tried to steer people away from iframe mechanisms)

My ideal outcome would be evolution on a timeline where browsers would:
1. Keep RPs/SPs/clients working with ideally minimal degradation if no changes are made
2. Have IDPs/OPs/ASs work with potentially significant user impact/degradation if no changes are made
3. Propose alternatives, involving changes for all parties, providing overall better user experience.

I would hope we have proposals that go beyond iframe scenarios, but the efforts to keep them working are an effort to reduce the number of deployed applications which need to be modified, and the urgency with which they need to be changed.


> On Jul 5, 2021, at 9:35 AM, Brock Allen via Openid-specs-ab <openid-specs-ab at lists.openid.net> wrote:
> Thanks for the write up, Tim.
> General question I've been meaning to ask for the past few months -- I notice a bunch of effort is being put into thinking about the iframe scenarios (OIDC front-channel logout, JS token renewal, JS check session notification).
> Given that some browsers have already broken those scenarios, why would anyone keep putting effort into them? If ~10%+ of your user base can't use these features given their browser preference, then as an application/identity architect I'd conclude that I can't use them at all in my design.
> My current thinking is that if you have a cross-site IdP, then your web app must have a back-end, use refresh tokens, and back channel logout to simply function these days.
> What am I missing?
> -Brock
>> On 6/30/2021 3:54:09 PM, Tim Cappalli via Openid-specs-ab <openid-specs-ab at lists.openid.net> wrote:
>> Hey all,  
>> Here are the meeting notes from today's special topic call. Please feel free to add or correct anything. 
>> openid / connect / wiki / Browser Interactions Special Topics Call - 20210630 — Bitbucket <https://bitbucket.org/openid/connect/wiki/Browser%20Interactions%20Special%20Topics%20Call%20-%2020210630>
>> Next meeting is in two weeks on July 14th (UTC). 
>> Tim 
