[Openid-specs-ab] backchannel logout: events

Axel.Nennker at telekom.de Axel.Nennker at telekom.de
Thu Mar 16 11:48:44 UTC 2017


Hi,

Regarding https://openid.net/specs/openid-connect-backchannel-1_0.html

I am wondering what the reason behind events is:
events
REQUIRED. Claim whose value is a JSON object containing the member name http://schemas.openid.net/event/backchannel-logout. This declares that the JWT is a Logout Token. The corresponding member value MUST be a JSON object and SHOULD be the empty JSON object {}.

The reason, I think, to have "events" is to make the logout JWT compatible with SET: https://tools.ietf.org/html/draft-ietf-secevent-token-01
But SET states: "Security Events are not commands issued between parties",
while the openid-connect-backchannel-1_0.html JWT is a command.

If we want SET compatibility, wouldn't it make more sense to have a SET-compatible response to the logout command?

Why is SET compatibility important? Is it important enough to justify this really strange type specifier?

    "events": {
        "http://schemas.openid.net/event/backchannel-logout": {}
    }

Kind regards
Axel







Deutsche Telekom AG
T-Labs (Research & Innovation)
Dipl.-Inform. Axel Nennker
Winterfeldtstr. 21, 10781 Berlin
+491702275312 (Mobile)
E-Mail: axel.nennker at telekom.de
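
Added example, not part of the original message or of the specification: a receiver-side check of the events claim exactly as the quoted spec text words it (REQUIRED, JSON object, the backchannel-logout member, member value an object that SHOULD be empty). It assumes the Logout Token's signature has already been verified and its payload decoded; the names check_events_claim, classify and LogoutTokenError and the sample payloads are constructed for illustration.

```python
import json

LOGOUT_EVENT = "http://schemas.openid.net/event/backchannel-logout"


class LogoutTokenError(ValueError):
    """A REQUIRED/MUST-level rule on the events claim is not met."""


def check_events_claim(claims):
    """Raise on MUST-level violations; return warnings for SHOULD-level ones."""
    if "events" not in claims:
        raise LogoutTokenError("events claim is REQUIRED")
    events = claims["events"]
    if not isinstance(events, dict):
        raise LogoutTokenError("events value is not a JSON object")
    if LOGOUT_EVENT not in events:
        raise LogoutTokenError("not a Logout Token: event member missing")
    member = events[LOGOUT_EVENT]
    if not isinstance(member, dict):
        raise LogoutTokenError("event member value MUST be a JSON object")
    warnings = []
    if member:
        warnings.append("event member value SHOULD be the empty object {}")
    return warnings


# Constructed sample payloads (claims other than events are omitted).
SAMPLES = {
    "conforming": '{"events": {"%s": {}}}' % LOGOUT_EVENT,
    "non_empty": '{"events": {"%s": {"x": 1}}}' % LOGOUT_EVENT,
    "string_type": '{"events": "%s"}' % LOGOUT_EVENT,
    "other_event": '{"events": {"https://event.example/other": {}}}',
    "missing": '{"sub": "constructed-subject"}',
}


def classify(name):
    """Return ('ok', warnings) or ('rejected', reason) for a sample."""
    try:
        return "ok", check_events_claim(json.loads(SAMPLES[name]))
    except LogoutTokenError as exc:
        return "rejected", str(exc)


if __name__ == "__main__":
    for name in SAMPLES:
        print(name, classify(name))
```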
