[Openid-specs-ab] Issue #1011: session management draft 28 (openid/connect)
issues-reply at bitbucket.org
Fri Mar 24 18:28:56 UTC 2017
New issue 1011: session management draft 28
section 3 "iframe in the browser client" this is the only place that "browser client", since "user agent" is defined above and used throughout wouldn't that be a better term?
section 4 "highly desirable to be able to find out the login status" strike the word "out"
Section 4.1 and 4.2 "invisible iframe" these seem scary, has any threat modeling been performed on this doc? I see section 8, but is seems pretty skimpy
More information about the Openid-specs-ab