[Openid-specs-ab] Spec call notes 19-Sep-16
ejay at mgi1.com
Mon Sep 19 23:51:45 UTC 2016
Spec call notes 19-Sep-16
Edmund Jay, Prateek Mishra, Rich Levinson
Agenda: Session and Logout specs
Prateek and Rich are looking at the session related aspect of OpenID Connect and analyzing the distinctions between the ID Token, Session ID, and session lifetimes.
They are looking for a "strong logout" solution (strong coupling of sessions between IdP and RP).
They are deciding whether any changes and/or a change to the language are needed.
Clarification is needed on ID Token lifetime and session lifetime.
They are analyzing RP use cases and are finding that some class of RPs desire strong logout with IdP.
For strong logout implementation, they are looking into what information is needed to be conveyed to the RP for session termination.
Required information includes session ID, IdP session lifetime (or expiration). Session lifetime is needed by some RPs which use caches to implement a flush strategy.
There are many use cases where the RP wants to coordinate sessions with IdP and have strong session logout.
Prateek and Rich will publish an analysis by next Thursday call and solicit community feedback.