[Openid-specs-ab] Issue #1011: session management draft 28 (openid/connect)

tomcjones issues-reply at bitbucket.org
Fri Mar 24 18:28:56 UTC 2017

New issue 1011: session management draft 28


section 3 "iframe in the browser client"  this is the only place that "browser client", since "user agent" is defined above and used throughout wouldn't that be a better term?

section 4 "highly desirable to be able to find out the login status" strike the word "out"

Section 4.1 and 4.2 "invisible iframe" these seem scary, has any threat modeling been performed on this doc? I see section 8, but is seems pretty skimpy

Responsible: mbj

More information about the Openid-specs-ab mailing list