[Openid-specs-ab] OpenID Connect session management discussion 24-Oct-12
Mike Jones
Michael.Jones at microsoft.com
Wed Oct 24 18:12:52 UTC 2012
OpenID Connect session management discussion 24-Oct-12
9:30-10:30 IIW session, Room B
Breno de Medeiros gave a tutorial on the current session management model
Mike Jones let the audience know that the purpose of the session is to refine the contents of the OpenID session management spec:
http://openid.net/specs/openid-connect-session-1_0.html
Issue: Is "ops" a separate parameter?
We decided that it should be a separate parameter from the ID Token
Google implementation feedback: RPs are likely to hold on to "ops" as a cookie so we should make sure that it's safe to do so
Safe across multiple tabs from same RP
Safe for users by respecting cookie same-origin policy
We should add a JavaScript origin to the crypto function that computes the ops
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20121024/3cdd9651/attachment.html>
More information about the Openid-specs-ab
mailing list