[Openid-specs-ab] Session ID semantics aligned across OpenID Connect front-channel and back-channel logout specs
Filip
panva.ip at gmail.com
Wed Aug 24 08:23:58 UTC 2016
Hello,
Reviewing the changes, I noticed in Section 2.4 of Backchannel draft 03 the
'exp' claim got removed from Logout Token claims; however, section 4 still
recommends OPs to use short expiration times for their Logout Tokens. It is
not clear enough if 'exp' should be present or not.
Best Regards,
*Filip Skokan*
On Wed, Aug 24, 2016 at 3:44 AM, Mike Jones via Openid-specs-ab <
openid-specs-ab at lists.openid.net> wrote:
> Session ID definitions in the OpenID Connect front-channel and
> back-channel logout specs have been aligned so that the Session ID
> definition is now the same in both specs. The Session ID is scoped to the
> Issuer in both specs now (whereas it was previously global in scope in the
> front-channel spec). This means that the issuer value now needs to be
> supplied whenever the Session ID is. This doesn’t change the simple
> (no-parameter) front-channel logout messages. The back-channel
> specification is now also aligned with the ID Event Token specification.
>
> The new specification versions are:
>
> · http://openid.net/specs/openid-connect-frontchannel-1_0-01.html
> · http://openid.net/specs/openid-connect-backchannel-1_0-03.html
>
> -- Mike
>
> P.S. This notice was also posted at http://self-issued.info/?p=1599 and
> as @selfissued <https://twitter.com/selfissued>.
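The issuer scoping of the Session ID described in the quoted announcement, as an added example that is not part of this thread or of the specifications: a relying party keys its sessions on the (issuer, Session ID) pair, so a front-channel logout from one OP cannot end a session established with another OP that issued the same value. The query parameter names `iss` and `sid`, the `SessionRegistry` class, the `sessions_to_end` function and the reject-if-incomplete policy are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

class SessionRegistry:
    """RP-side map from (iss, sid) to local sessions; sid alone is not a key."""

    def __init__(self):
        self._sessions = {}  # (iss, sid) -> set of local session ids

    def register(self, iss, sid, local_id):
        self._sessions.setdefault((iss, sid), set()).add(local_id)

    def end(self, iss, sid):
        # Return and forget the local sessions bound to this issuer's sid.
        return self._sessions.pop((iss, sid), set())


def _single(params, name):
    values = params.get(name, [])
    if len(values) > 1:
        raise ValueError(f"repeated {name} parameter")
    return values[0] if values else None


def sessions_to_end(logout_url, registry, browser_session, trusted_issuers):
    """Decide which local sessions a front-channel logout request terminates."""
    params = parse_qs(urlsplit(logout_url).query, keep_blank_values=True)
    iss, sid = _single(params, "iss"), _single(params, "sid")
    if iss is None and sid is None:
        # Simple (no-parameter) message: end the session of this browser.
        return {browser_session}
    if not iss or not sid:
        # Assumed policy: a sid without its issuer is ambiguous, so reject.
        raise ValueError("iss and sid must be supplied together")
    if iss not in trusted_issuers:
        raise ValueError("unknown issuer")
    return registry.end(iss, sid)


# Constructed sample: two OPs that happen to hand out the same sid value.
OP_A, OP_B = "https://op-a.example", "https://op-b.example"
registry = SessionRegistry()
registry.register(OP_A, "08a5019c", "local-1")
registry.register(OP_B, "08a5019c", "local-2")
```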