[Openid-specs-ab] Session Management

Nat Sakimura sakimura at gmail.com
Mon Jun 3 22:57:20 UTC 2013

I have started to do the final review of Session Management.

I already have one issue: the definition of Session.

It currently is:

Instance of an interactive logged-in session at a Relying Party with a
particular OpenID Provider and End-User identity.

This definition is circular: it uses the word “session” to explain session,
which does not work. End-User identity here seems wrong.

Here is the proposed version. It is a modified version of RFC 4949.

Continuous period of time during which a user accesses a Relying Party
relying on the Authentication of the End-User performed by the OpenID

Nat Sakimura (=nat)
Chairman, OpenID Foundation
