[Openid-specs-ab] Review of Proposed Implementer’s Drafts of OpenID Connect Logout Specifications

Mike Jones Michael.Jones at microsoft.com
Sun Feb 5 18:26:04 UTC 2017

Hi Filip,

The main thing needed is for someone to clearly and concisely write down a description of the limitations and for the working group to review.  Then it can be added to the specifications in the future.

There’s an issue about this at https://bitbucket.org/openid/connect/issues/1003/document-possible-impacts-of-disabling but it hasn’t been assigned to anyone.  If you’d like to take a crack at it, have at it.  You could add the proposed text directly to the issue.

The good news is that adding this text wouldn’t change what the specifications do or how they work, so doing so wouldn’t be a breaking change later.  It would simply be commentary on how implementations will work (or not) in certain environments.  Also, note that these are proposed to be Implementer’s Drafts – not Final Specifications.  So there will be plenty of time in the future to add this commentary once there is working group consensus on what we actually want to say.

Thanks for bringing this issue back up.

                                                          Best wishes,
                                                          -- Mike

From: Filip [mailto:panva.ip at gmail.com]
Sent: Sunday, February 5, 2017 12:52 AM
To: Mike Jones <Michael.Jones at microsoft.com>; openid-specs-ab at lists.openid.net
Subject: Re: [Openid-specs-ab] Review of Proposed Implementer’s Drafts of OpenID Connect Logout Specifications

When would the notes about limitations coming from third party cookie disabled browsers make their way to the specifications? (session and frontchannel).

Filip Skokan

On Sun, Feb 5, 2017 at 12:48 AM, Mike Jones via Openid-specs-ab <openid-specs-ab at lists.openid.net> wrote:

The OpenID Connect Working Group recommends approval of the following specifications as OpenID Implementer’s Drafts:
•       Session Management<http://openid.net/specs/openid-connect-session-1_0-28.html> – Defines how to manage OpenID Connect sessions, including postMessage-based logout functionality
•       Front-Channel Logout<http://openid.net/specs/openid-connect-frontchannel-1_0-02.html> – Defines a front-channel logout mechanism that does not use an OP iframe on RP pages
•       Back-Channel Logout<http://openid.net/specs/openid-connect-backchannel-1_0-04.html> – Defines a logout mechanism that uses back-channel communication between the OP and RPs being logged out

Each of these protocols communicates logout requests from OpenID Providers to Relying Parties, but using different mechanisms that are appropriate for different use cases. See the Introduction section of each of the specifications for descriptions of the mechanisms used and comparisons between them. All the specifications share a common mechanism for communicating logout requests from Relying Parties to OpenID Providers.

An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. This note starts the 45-day public review period for the specification drafts in accordance with the OpenID Foundation IPR policies and procedures. This review period will end on Tuesday, March 21, 2017. Unless issues are identified during the review that the working group believes must be addressed by revising the drafts, this review period will be followed by a seven-day voting period during which OpenID Foundation members will vote on whether to approve these drafts as OpenID Implementer’s Drafts. For the convenience of members, voting may begin up to two weeks before March 21st, with the voting period still ending on Tuesday, March 28, 2017.

These specifications are available at:
•       http://openid.net/specs/openid-connect-session-1_0-28.html
•       http://openid.net/specs/openid-connect-frontchannel-1_0-02.html
•       http://openid.net/specs/openid-connect-backchannel-1_0-04.html

A description of OpenID Connect can be found at http://openid.net/connect/. The working group page is http://openid.net/wg/connect/. Information on joining the OpenID Foundation can be found at https://openid.net/foundation/members/registration. If you’re not a current OpenID Foundation member, please consider joining to participate in the approval vote.

You can send feedback on the specifications in a way that enables the working group to act upon your feedback by (1) signing the contribution agreement at http://openid.net/intellectual-property/ to join the working group (please specify that you are joining the “AB+Connect” working group on your contribution agreement), (2) joining the working group mailing list at http://lists.openid.net/mailman/listinfo/openid-specs-ab, and (3) sending your feedback to the list.

— Michael B. Jones – OpenID Foundation Board Secretary

P.S.  This notice was also posted at http://openid.net/2017/02/04/review-of-proposed-implementers-drafts-of-openid-connect-logout-specifications/ and as @openid<https://twitter.com/openid>.
