[Openid-specs-ab] OpenID Connect Logout using HTTP GET

Mike Jones Michael.Jones at microsoft.com
Sat Feb 14 06:11:52 UTC 2015


A one-pager (yes, it really is just one page) proposing an HTTP GET-based logout mechanism for OpenID Connect is attached.

Other protocols have used HTTP GETs to RP URLs that clear cookies and then return a hidden image to achieve this.  This proposal does the same thing.  It also reuses the RP-initiated logout functionality specified in Section 5 of OpenID Connect Session Management <http://openid.net/specs/openid-connect-session-1_0.html#RPLogout> (RP-Initiated Logout).

Feedback is requested, especially from those of you who have implemented similar mechanisms for OpenID Connect (Brian, Torsten, ...) or for other protocols (John, Tony, ...).  If there's working group consensus to move forward with this proposal, I'll then turn this into a full-fledged spec.

Have a good weekend, everyone!

                                                            -- Mike

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenID Connect Logout using HTTP GET.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 19524 bytes
Desc: OpenID Connect Logout using HTTP GET.docx
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20150214/87b0eb05/attachment-0001.docx>
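
The pattern the message describes (an HTTP GET to an RP URL that clears cookies and then returns a hidden image), sketched as a WSGI handler. This is an added example, not code from the message or its attachment; the /logout path, the rp_session cookie name and the in-memory SESSIONS store are assumptions made for illustration.

```python
from http.cookies import SimpleCookie

# Assumed names for illustration; none of these come from the proposal.
LOGOUT_PATH = "/logout"
SESSION_COOKIE = "rp_session"
SESSIONS = {}  # constructed server-side session store: session id -> data

# 1x1 transparent GIF returned as the hidden image.
PIXEL_GIF = bytes.fromhex(
    "474946383961 01000100 800000 000000ffffff "
    "21f9040100000000 2c000000000100010000 02014400 3b"
)


def expired_cookie(name):
    """Set-Cookie value that tells the browser to drop the session cookie."""
    return (f"{name}=; Path=/; Max-Age=0; "
            "Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; Secure")


def rp_logout_app(environ, start_response):
    """RP logout URL: end the session, clear the cookie, return the image."""
    if environ.get("PATH_INFO") != LOGOUT_PATH:
        start_response("404 Not Found", [("Content-Type", "text/plain")])
        return [b"not found"]
    if environ.get("REQUEST_METHOD") != "GET":
        start_response("405 Method Not Allowed", [("Allow", "GET")])
        return [b""]

    # Invalidate the session on the server as well, so a copied cookie
    # value stops working once the browser has been told to forget it.
    morsel = SimpleCookie(environ.get("HTTP_COOKIE", "")).get(SESSION_COOKIE)
    if morsel is not None:
        SESSIONS.pop(morsel.value, None)

    start_response("200 OK", [
        ("Content-Type", "image/gif"),
        ("Content-Length", str(len(PIXEL_GIF))),
        # A cached image would mean the GET never reaches the RP and the
        # cookie is never cleared, so forbid storing the response.
        ("Cache-Control", "no-store"),
        ("Set-Cookie", expired_cookie(SESSION_COOKIE)),
    ])
    return [PIXEL_GIF]
```

The handler is idempotent: a request with no cookie or an unknown session id still returns the image and the expiring Set-Cookie header.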

