[Openid-specs-ab] Vote to approve logout Implementer's Drafts

Phil Hunt phil.hunt at oracle.com
Fri Mar 17 01:00:28 UTC 2017


Mike,

That is not what your email said…

> As described at http://openid.net/2017/03/07/notice-of-vote-for-implementers-drafts-of-openid-connect-logout-specifications/, the vote to approve the Implementer’s Drafts of the three logout specs is under way.

Further, the referenced link makes no such distinction.

Phil

Oracle Corporation, Identity Cloud Architect & Standards
@independentid
www.independentid.com <http://www.independentid.com/>
phil.hunt at oracle.com <mailto:phil.hunt at oracle.com>

> On Mar 16, 2017, at 5:11 PM, Mike Jones <Michael.Jones at microsoft.com> wrote:
> 
> This reply is being written wearing my board secretary hat, in order to clear up several points of possible confusion created by Phil’s note.
>  
> Phil, the question before the foundation’s membership is whether the OpenID Foundation membership wants there to be intellectual property protections for implementers of openid-connect-session-1_0-28.html <http://openid.net/specs/openid-connect-session-1_0-28.html>, openid-connect-frontchannel-1_0-02.html, and openid-connect-backchannel-1_0-04.html <http://openid.net/specs/openid-connect-backchannel-1_0-04.html>.  The question is not being asked whether the membership believes that these should become OpenID Final Specifications.  People should vote their positions on the intellectual property protection question (while also separately providing technical feedback to the working group, should they decide to do that).
>  
> There is not an option to vote separately on the three specifications.  As is typically done with closely related specifications, the options are to Approve, Reject, or Abstain on the question of providing intellectual property protections for all three specifications.
>  
> Phil, as a working group member who participated in the decision to ask for intellectual property protections for this bundle of related specifications (see the January 19, 2017 working group call notes <http://lists.openid.net/pipermail/openid-specs-ab/Week-of-Mon-20170116/006422.html>), I’m surprised that you would now oppose those protections, but it’s obviously up to you how you vote.  The logical time to raise objections within the working group would have been during the one-week review of the Candidate proposed OpenID Connect logout Implementer's Drafts <http://lists.openid.net/pipermail/openid-specs-ab/Week-of-Mon-20170123/006428.html>, which was announced by e-mail to the working group on January 25, 2017, before the foundation-wide public review period.  No objections were raised by anyone, and so the foundation-wide review was announced <http://openid.net/2017/02/04/review-of-proposed-implementers-drafts-of-openid-connect-logout-specifications/> on February 4, 2017.
>  
> To be clear, while writing as board secretary, I am intentionally not taking a position on any of the technical points that Phil is raising.  The working group can and should discuss these, but they are not the subject of this thread.
>  
> -- Mike (OpenID Foundation Board Secretary)
>  
> P.S.  Phil, I’ll respond privately to your “Which account do we log in with?” question.
>  
> From: Phil Hunt [mailto:phil.hunt at oracle.com] 
> Sent: Thursday, March 16, 2017 3:24 PM
> To: Mike Jones <Michael.Jones at microsoft.com>
> Cc: openid-specs-ab at lists.openid.net
> Subject: Re: [Openid-specs-ab] Vote to approve logout Implementer's Drafts
>  
> With regards to the Backchannel Logout spec, I urge a vote of NO to moving forward at this time.
>  
> Approving the Backchannel Logout is premature given that SET, which Backchannel depends on, has not been through WGLC.
>  
> I believe there are issues in the SET draft which need to be resolved first that may result in normative changes.  For example, differentiation of SETs (Logout Events) from ID Tokens and Access tokens.
>  
> The Backchannel Logout draft causes confusion as to whether it is a command or an event.  We have not had good discussion on the differences in intent.  A Logout Event should simply say session X was canceled by an issuer. It is not a command to a third party though the expectation is that often policy at the receiver will cause that effect.
>  
> I believe there are many use cases where relying parties (clients) will also want to signal logouts. Though there may not be need to affect a single-sign-out but rather a need to co-ordinate UX.  Even when session cancellation is not propagated to other clients it may be useful for the OP to know that a particular client needs a new token in order to establish a new session.
>  
> Regardless of whether these are valid concerns, I believe we need to continue to discuss the scope of use cases the draft should address. 
>  
> Phil
>  
> Oracle Corporation, Identity Cloud Architect & Standards
> @independentid
> www.independentid.com <http://www.independentid.com/>
> phil.hunt at oracle.com <mailto:phil.hunt at oracle.com>
>  
> On Mar 16, 2017, at 11:55 AM, Mike Jones via Openid-specs-ab <openid-specs-ab at lists.openid.net> wrote:
>  
> As described at http://openid.net/2017/03/07/notice-of-vote-for-implementers-drafts-of-openid-connect-logout-specifications/, the vote to approve the Implementer’s Drafts of the three logout specs is under way.  There’s a quorum requirement for approval, so if you’re an OpenID Foundation member, please participate in the vote now at https://openid.net/foundation/members/polls/111.  (And if you’re not a member, the page says how you can become a member and vote.)
>  
> Implementer’s Drafts are not final specifications – they are stable versions for people to use for interop testing and early deployments.  Additional changes incorporating developer feedback are still possible after the specifications become Implementer’s Drafts.
>  
> Thanks,
> -- Mike
>  
> (writing as OpenID Foundation Board Secretary)