[Openid-specs-ab] Backchannel Logout & SET

Torsten Lodderstedt torsten at lodderstedt.net
Wed Nov 16 09:54:16 UTC 2016


Hi Mike,

Where is the sid claim defined? And what is the meaning of SET compliant?

best regards,
Torsten.

Am 16.11.2016 um 17:25 schrieb Mike Jones:
>
> “sid” is no more event-specific than “iss” and “sub” are.  All of 
> these are defined as top-level JWT claims across the Connect spec 
> family.  This has been extensively discussed on working group calls and 
> on the list.  The conclusion has always been to keep the logout token 
> claims usage parallel to that in the ID Token.  Unnecessary 
> differences tend to be counter-productive.
>
> -- Mike
>
> *From:*Openid-specs-ab 
> [mailto:openid-specs-ab-bounces at lists.openid.net] *On Behalf Of *Phil 
> Hunt via Openid-specs-ab
> *Sent:* Wednesday, November 16, 2016 3:19 PM
> *To:* Torsten Lodderstedt <torsten at lodderstedt.net>
> *Cc:* openid-specs-ab at lists.openid.net
> *Subject:* Re: [Openid-specs-ab] Backchannel Logout & SET
>
> +1…. but we might want to hold off till I rev the SET draft based on 
> today’s proposed format change proposed by Justin on the idevents 
> mailing list.
>
> I’ll try to get that published as quick as I can.
>
> Phil
>
> @independentid
>
> www.independentid.com <http://www.independentid.com>
>
> phil.hunt at oracle.com <mailto:phil.hunt at oracle.com>
>
>     On Nov 16, 2016, at 11:56 AM, Torsten Lodderstedt via
>     Openid-specs-ab <openid-specs-ab at lists.openid.net
>     <mailto:openid-specs-ab at lists.openid.net>> wrote:
>
>     Hi all,
>
>     I am wondering about the consequences of the following statement:
>     "NOTE: The Logout Token is compatible with Security Event Token
>     (SET) [I‑D.hunt‑idevent‑token] draft -03."
>
>     I think "sid" is an event-specific attribute and if I understand
>     SET correctly, it therefore needs to go in the additional event
>     data underneath an element
>     "http://schemas.openid.net/event/backchannel-logout".
>
>     I think the example
>
>     {
>       "iss": "https://server.example.com",
>       "sub": "248289761001",
>       "aud": "s6BhdRkqt3",
>       "iat": 1471566154,
>       "jti": "bWJq",
>       "sid": "08a5019c-17e1-4977-8f42-65a12843ea02",
>       "events": [ "http://schemas.openid.net/event/backchannel-logout" ]
>      }
>
>     should be modified to look as follows
>
>     {
>       "iss": "https://server.example.com",
>       "sub": "248289761001",
>       "aud": "s6BhdRkqt3",
>       "iat": 1471566154,
>       "jti": "bWJq",
>       "events": [ "http://schemas.openid.net/event/backchannel-logout" ],
>       "http://schemas.openid.net/event/backchannel-logout":{
>          "sid": "08a5019c-17e1-4977-8f42-65a12843ea02"
>       }
>      }
>
>     What do you think?
>
>     best regards,
>     Torsten.
>
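
An added example, not part of the thread or of either draft: a relying-party-side reader that finds `sid` in either of the two layouts debated above and rejects a token that carries conflicting values in both. It assumes the claims come from a Logout Token whose signature was already verified; `extract_sid` and `LogoutTokenError` are hypothetical names.

```python
LOGOUT_EVENT = "http://schemas.openid.net/event/backchannel-logout"
SID = "08a5019c-17e1-4977-8f42-65a12843ea02"

# The two layouts from the thread, rebuilt from the quoted examples.
COMMON = {"iss": "https://server.example.com", "sub": "248289761001",
          "aud": "s6BhdRkqt3", "iat": 1471566154, "jti": "bWJq",
          "events": [LOGOUT_EVENT]}
TOP_LEVEL = {**COMMON, "sid": SID}               # sid beside iss/sub
NESTED = {**COMMON, LOGOUT_EVENT: {"sid": SID}}  # sid under the event URI


class LogoutTokenError(ValueError):
    """The claims do not describe one unambiguous logout event."""


def extract_sid(claims):
    """Return (sid, layout); (None, None) when no sid is present.

    layout is "top-level" or "nested", naming where the sid was found.
    """
    events = claims.get("events")
    if not isinstance(events, list) or LOGOUT_EVENT not in events:
        raise LogoutTokenError("not a back-channel logout event")

    found = {}
    if "sid" in claims:
        found["top-level"] = claims["sid"]
    payload = claims.get(LOGOUT_EVENT)
    if payload is not None:
        if not isinstance(payload, dict):
            raise LogoutTokenError("event payload must be a JSON object")
        if "sid" in payload:
            found["nested"] = payload["sid"]

    if not found:
        return None, None
    for layout, sid in found.items():
        if not isinstance(sid, str) or not sid:
            raise LogoutTokenError(f"{layout} sid is not a non-empty string")
    # Both present: accept only if they agree, so two readers of the same
    # token can never end up terminating different sessions.
    if len(set(found.values())) > 1:
        raise LogoutTokenError("top-level and nested sid disagree")
    layout = "top-level" if "top-level" in found else "nested"
    return found[layout], layout
```
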
