[Openid-specs-ab] Certification profile designs for logout specs

Mike Jones Michael.Jones at microsoft.com
Wed Oct 24 21:03:36 UTC 2018


The certification committee has sketched out designs for six new certification profiles:

  *   OP supporting Session Management
  *   OP supporting Front-Channel Logout
  *   OP supporting Back-Channel Logout
  *   RP supporting Session Management
  *   RP supporting Front-Channel Logout
  *   RP supporting Back-Channel Logout

We reviewed these designs at the OpenID Workshop at VMware on Monday.

All the OP profiles will share these characteristics:

  *   Verify support for profile-specific OP metadata values
  *   Tests will be initiated using RP-initiated logout
  *   Control will be returned to the test tool using post_logout_redirect_uri values
  *   The tool will use prompt=none requests to verify that the user was logged in before the test and logged out after the test
  *   Support for the "state" RP-initiated logout parameter will be tested

All the RP profiles will share these characteristics:

  *   Verify support for profile-specific client registration metadata values
  *   Tests will be initiated using RP-initiated logout
  *   Control will be returned by the test tool to the RP using post_logout_redirect_uri values
  *   Support for the "state" RP-initiated logout parameter will be tested

Working group feedback is solicited.  In particular, are there aspects of the three logout specs that you believe that this test plan doesn't cover?  Are there ways that you believe we should be doing things differently?

                             Thanks from the certification committee,
                                                          -- Mike

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20181024/a7178b26/attachment.html>


More information about the Openid-specs-ab mailing list