[Openid-specs-ab] Session Management
Nat Sakimura
sakimura at gmail.com
Mon Jun 3 22:57:20 UTC 2013
I have started to do the final review of Session Management.
I already have one issue: the definition of Session.
It currently is:
Instance of an interactive logged-in session at a Relying Party with a
particular OpenID Provider and End-User identity.
This definition is circular. Using the word “session” to explain session,
which does not work. End-User identity here seems wrong.
Here is the proposed version. It is a modified version of RFC 4949.
Continuous period of time during which a user accesses a Relying Party
relying on the Authentication of the End-User performed by the OpenID
Provider
--
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130604/7241d2f9/attachment.html>
More information about the Openid-specs-ab
mailing list