[OpenID] OpenID Connect Back-Channel Logout Specification

peter williams home_pw at msn.com
Fri Sep 11 02:21:34 UTC 2015 

took a while (being an unexceptional), but I eventually grasped what oauth2 and then openid connect had added beyond earlier websso sign on protocols. I even understood how they had abandoned user centric ideas (of openid) in favor of multi_layer governance.

in short, is there a leap in signout? if so, Anyone, what is it?




On September 9, 2015, at 11:54 PM, Mike Jones <Michael.Jones at microsoft.com> wrote:

A new back-channel OpenID Connect Logout spec has been published at http://openid.net/specs/openid-connect-backchannel-1_0.html.  This can coexist with or be used instead of the front-channel-based Session Management<http://openid.net/specs/openid-connect-session-1_0.html> and HTTP-Based Logout<http://openid.net/specs/openid-connect-logout-1_0.html> specifications.

The abstract for the new specification states:
This specification defines a logout mechanism that uses back-channel communication between the OP and RPs being logged out; this differs from front-channel logout mechanisms, which communicate logout requests from the OP to RPs via the User Agent.

This completes publication of the three planned OpenID Connect logout mechanisms:  two that communicate on the front-channel through the User Agent (browser) and this one that communicates on the back-channel, without involving the User Agent.  See the Introduction<http://openid.net/specs/openid-connect-backchannel-1_0-00.html#Introduction> for a discussion of the upsides and downsides of the different logout approaches.  As much as we'd like there to be a single logout solution, both experience and extensive discussions led us to the conclusion that there isn't a feasible one-size-fits-all approach.

Reviews of the new (and existing!) specifications are welcomed.

Thanks to John Bradley, Pedro Felix, Nat Sakimura, Brian Campbell, and Todd Lainhart for their contributions to the creation of the specification.

                                                            -- Mike

P.S.  This note was also published at http://self-issued.info/?p=1452 and as @selfissued<https://twitter.com/selfissued>.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20150910/1869482c/attachment.html>
-------------- next part --------------
_______________________________________________
general mailing list
general at lists.openid.net
http://lists.openid.net/mailman/listinfo/openid-general

More information about the general mailing list