[Openid-specs-ab] Issue #1017: Session management: RP-init logout: Proposal for optional ui_locales parameter (openid/connect)
Sergey Beryozkin
sberyozkin at gmail.com
Tue May 30 10:08:59 UTC 2017
Hi Filip, and Thomas,
Thanks for the explanation, it helps. I don't recall seeing any OIDC
(IDP) level dialogs, but I understand now why it may be needed...
Cheers, Sergey
On 29/05/17 17:51, Filip Skokan wrote:
> It is not uncommon that OP asks the user to confirm the RP initiated
> logout if the request is missing an id_token_hint, I assume the locale
> is meant for this confirmation. There are several mentions of an OP
> confirmation prompt in Session Management
>
> [1] in section 5: "At the logout endpoint, the OP SHOULD ask the
> End-User whether he wants to log out of the OP as well. If the End-User
> says "yes", then the OP MUST log out the End-User."
> [2] in section 8: "Logout requests without a valid id_token_hint value
> are a potential means of denial of service; therefore, OPs may want to
> require explicit user confirmation before acting upon them."
>
> Best,
> *Filip*
>
> On Mon, May 29, 2017 at 6:22 PM, Sergey Beryozkin via Openid-specs-ab
> <openid-specs-ab at lists.openid.net> wrote:
>
> Hi Vladimir
>
> We've only prototyped the code around the RP-initiated logout spec
> text, hence the question, in this flow, it is actually the
> RP-controlled endpoint that has the user being redirected to it,
> once OIDC completes this RP-initiated logout request, and this RP
> endpoint will display the message.
> So is it something that OIDC cannot control, which
> Locale to use?
> I may've missed something with respect to how this flow actually
> works though...
>
> Thanks, Sergey
>
>
> On 29/05/17 16:28, Vladimir Dzhuvinov via Openid-specs-ab wrote:
>
> New issue 1017: Session management: RP-init logout: Proposal for
> optional ui_locales parameter
> https://bitbucket.org/openid/connect/issues/1017/session-management-rp-init-logout-proposal
>
> Vladimir Dzhuvinov:
>
> At the end-session endpoint the end-user typically needs to be
> presented with a confirmation dialog. For that reason I would
> like to propose a new optional parameter for the RP-initiated
> logout request -- "ui_locales", identical to the one already
> available for OpenID authentication requests.
>
> We can reuse the description in Core for that:
>
> ui_locales
> OPTIONAL. End-User's preferred languages and scripts
> for the user interface, represented as a space-separated
> list of BCP47 [RFC5646] language tag values, ordered by
> preference. For instance, the value "fr-CA fr en" represents
> a preference for French as spoken in Canada, then French
> (without a region designation), followed by English (without
> a region designation). An error SHOULD NOT result if some or
> all of the requested locales are not supported by the OpenID
> Provider.
>
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> <mailto:Openid-specs-ab at lists.openid.net>
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
> <http://lists.openid.net/mailman/listinfo/openid-specs-ab>
>
>
>
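
An added example, not part of the thread or of any OP implementation: one way an end-session endpoint could combine the two points discussed above, asking for confirmation when no valid id_token_hint is present and picking the dialog language from the proposed ui_locales parameter without ever failing on unsupported tags. The names SUPPORTED, DEFAULT_LOCALE, negotiate_locale, plan_logout and hint_is_valid are hypothetical, and the confirm-only-without-hint policy is an assumption taken from Filip's description.

```python
from urllib.parse import parse_qs

SUPPORTED = ("en", "fr", "de-CH")   # constructed: locales this OP has UI text for
DEFAULT_LOCALE = "en"               # constructed fallback

def negotiate_locale(ui_locales, supported=SUPPORTED, default=DEFAULT_LOCALE):
    """Return the first preferred BCP47 tag the OP supports, trying
    progressively shorter prefixes (fr-CA -> fr). Never raises: unsupported
    or malformed values fall back to the default, so a bad ui_locales value
    cannot turn a logout request into an error."""
    by_lower = {s.lower(): s for s in supported}
    for tag in (ui_locales or "").split()[:10]:   # bound request-supplied work
        parts = tag.lower().split("-")
        while parts:
            candidate = "-".join(parts)
            if candidate in by_lower:
                return by_lower[candidate]
            parts.pop()                           # drop the last subtag and retry
    return default

def plan_logout(query_string, hint_is_valid):
    """Decide how to answer an RP-initiated logout request.
    hint_is_valid is a callable supplied by the OP (assumed here) that
    verifies the ID Token: signature, issuer and binding to the session."""
    params = parse_qs(query_string)
    hint = params.get("id_token_hint", [None])[0]
    locale = negotiate_locale(params.get("ui_locales", [""])[0])
    trusted = hint is not None and hint_is_valid(hint)
    # Without a valid hint any site could have sent the browser here,
    # so the user is asked first, in the negotiated locale.
    return {"action": "logout" if trusted else "confirm", "locale": locale}
```
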