[Openid-specs-ab] Possibly using session_state in logout and prompt=none requests

Todd W Lainhart lainhart at us.ibm.com
Tue Jul 1 14:43:55 UTC 2014

Perhaps related to this, see my comment at the end of this open issue:


In summary, the suggestion is there for the case where the RP has been 
issued multiple id_tokens.

Todd Lainhart
Rational software
IBM Corporation
550 King Street, Littleton, MA 01460-1250
2-276-4705 (T/L)
lainhart at us.ibm.com

From:   Mike Jones <Michael.Jones at microsoft.com>
To:     "openid-specs-ab at lists.openid.net" 
<openid-specs-ab at lists.openid.net>, 
Date:   06/30/2014 08:47 PM
Subject:        [Openid-specs-ab] Possibly using session_state in logout 
and     prompt=none requests
Sent by:        openid-specs-ab-bounces at lists.openid.net

Some Microsoft product people have asked whether session_state could be 
used in logout requests as an alternative to using the id_token_hint.  A 
secondary related ask would be to be able to use the session_state instead 
of id_token_hint in prompt=none requests.
The logic behind this request is that then the RP would only need to 
persist the session_state value and not the id_token value.
It's not clear whether in the general case, session_state would have 
sufficient information for this to work.  It would be good to get a sense 
what people have in their session_state values now (which are opaque to 
the RP).
Another possible downside to this is that since session management is 
optional, RPs would still have to have code to persist the id_token for 
prompt=none requests for OPs that don’t support session management.
                                                                -- Mike
Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20140701/8f7b8ec1/attachment.html>

More information about the Openid-specs-ab mailing list