[Openid-specs-ab] Vote to approve logout Implementer's Drafts
Phil Hunt
phil.hunt at oracle.com
Thu Mar 16 22:23:53 UTC 2017
With regards to the Backchannel Logout spec, I urge a vote of NO to moving forward at this time.
Approving the Backchannel Logout is premature given that SET, which Backchannel depends on, has not been through WGLC.
I believe there are issues in the SET draft which need to be resolved first that may result in normative changes. For example, differentiation of SETs (Logout Events) from ID Tokens and Access tokens.
The Backchannel Logout draft causes confusion as to whether it is a command or an event. We have not had good discussion on the differences in intent. A Logout Event should simply say session X was canceled by an issuer. It is not a command to a third party though the expectation is that often policy at the receiver will cause that effect.
I believe there are many use cases where relying parties (clients) will also want to signal logouts. Though there may not be a need to affect a single-sign-out but rather a need to co-ordinate UX. Even when session cancellation is not propagated to other clients it may be useful for the OP to know that a particular client needs a new token in order to establish a new session.
Regardless of whether these are valid concerns, I believe we need to continue to discuss the scope of use cases the draft should address.
Phil
Oracle Corporation, Identity Cloud Architect & Standards
@independentid
www.independentid.com
phil.hunt at oracle.com
> On Mar 16, 2017, at 11:55 AM, Mike Jones via Openid-specs-ab <openid-specs-ab at lists.openid.net> wrote:
>
> As described at http://openid.net/2017/03/07/notice-of-vote-for-implementers-drafts-of-openid-connect-logout-specifications/, the vote to approve the Implementer’s Drafts of the three logout specs is under way. There’s a quorum requirement for approval, so if you’re an OpenID Foundation member, please participate in the vote now at https://openid.net/foundation/members/polls/111. (And if you’re not a member, the page says how you can become a member and vote.)
>
> Implementer’s Drafts are not final specifications – they are stable versions for people to use for interop testing and early deployments. Additional changes incorporating developer feedback are still possible after the specifications become Implementer’s Drafts.
>
> Thanks,
> -- Mike
>
> (writing as OpenID Foundation Board Secretary)