[Openid-specs-ab] Session Management: Logout
Andreas Åkre Solberg
andreas.solberg at uninett.no
Wed Aug 31 11:39:34 UTC 2011
I'm referring to OpenID Connect Session Management 1.0 - draft 03.
http://openid.net/specs/openid-connect-session-1_0.html
By referring to the term 'session syncronization', the spec indicates that OpenID Connect supports that sessions at the provider is synchronized with sessions at various clients.
Right now, I see that the client may terminate the session at the provider, but there is no way for the provider to terminate the session at the client. Consequently it would not be possible to implement Single Logout (or global logout), like the concept known from the SAML world.
Is it decided that the global logout use case should not be supported by OpenID Connect? Or is it just yet not speced.
Andreas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20110831/50c80a8e/attachment.html>
More information about the Openid-specs-ab
mailing list