[Openid-specs-ab] Session Management

Nat Sakimura sakimura at gmail.com
Mon Jun 3 22:57:20 UTC 2013


I have started to do the final review of Session Management.

I already have one issue: the definition of Session.

It currently is:

Instance of an interactive logged-in session at a Relying Party with a
particular OpenID Provider and End-User identity.


This definition is circular. It uses the word “session” to explain session,
which does not work. End-User identity here seems wrong.

Here is the proposed version. It is a modified version of RFC 4949.

Continuous period of time during which a user accesses a Relying Party
relying on the Authentication of the End-User performed by the OpenID
Provider



-- 
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en