[Openid-specs-ab] Session Management
sakimura at gmail.com
Mon Jun 3 22:57:20 UTC 2013
I have started to do the final review of Session Management.
I already have one issue: the definition of Session.
It currently is:
Instance of an interactive logged-in session at a Relying Party with a
particular OpenID Provider and End-User identity.
This definition is circular. Using the word “session” to explain session,
which does not work. End-User identity here seems wrong.
Here is the proposed version. It is a modified version of RFC 4949.
Continuous period of time during which a user accesses a Relying Party
relying on the Authentication of the End-User performed by the OpenID
Nat Sakimura (=nat)
Chairman, OpenID Foundation
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-ab