[Openid-specs-ab] Backchannel Logout & SET
Torsten Lodderstedt
torsten at lodderstedt.net
Wed Nov 16 02:56:51 UTC 2016
Hi all,
I wondering about the consequences of the following statement: "NOTE:
The Logout Token is compatible with Security Event Token (SET)
[I‑D.hunt‑idevent‑token] draft -03."
I think "sid" is an event-specific attribute and if I understand SET
correctly, it therefore needs to go in the additional event data
underneath an element "http://schemas.openid.net/event/backchannel-logout".
I think the example
{
"iss": "https://server.example.com",
"sub": "248289761001",
"aud": "s6BhdRkqt3",
"iat": 1471566154,
"jti": "bWJq",
"sid": "08a5019c-17e1-4977-8f42-65a12843ea02",
"events": [ "http://schemas.openid.net/event/backchannel-logout" ]
}
should modified to look as follows
{
"iss": "https://server.example.com",
"sub": "248289761001",
"aud": "s6BhdRkqt3",
"iat": 1471566154,
"jti": "bWJq",
"events": [ "http://schemas.openid.net/event/backchannel-logout" ]
"http://schemas.openid.net/event/backchannel-logout":{
"sid": "08a5019c-17e1-4977-8f42-65a12843ea02"
}
}
What do you think?
best regards,
Torsten.
More information about the Openid-specs-ab
mailing list