[Openid-specs-ab] [External Sender] Working Group Last Call for OpenID Connect Logout Specifications

Brian Campbell bcampbell at pingidentity.com
Mon May 2 20:33:36 UTC 2022 

It does make sense but doesn't particularly resonate for me. From what I've
seen in the realm of work around browser privacy enhancements, the window
for an open letter like that to be impactful has passed (arguably never
existed but I digress..).  And I worry that pushing these documents forward
now looks out of touch to those familiar with the current and coming
browser changes and will be misleading to those unfamiliar. I seem to be in
the minority in this viewpoint, however, so I won't press the issue.

On Fri, Apr 29, 2022 at 9:07 PM Mike Jones <Michael.Jones at microsoft.com>
wrote:

> To Brian’s main question, as discussed in the working group call where we
> decided to have the WGLC, finalizing the logout specs puts a stake in the
> ground, documenting how the industry has been doing logout for OpenID
> Connect for years.
>
>
>
> Finishing things matters.
>
>
>
> Finally, there’s a strategic aspect to it.  The board, at some point, may
> write an open letter to those proposing changing how the Web works,
> critiquing those changes, enumerating what would break,  and proposing an
> alternate path.  We would be in a stronger position for that letter if we
> are pointing to Final Specifications that are being broken, rather than
> Drafts.
>
>
>
> Yes, we can always define new logout methods if forced to, but those would
> be in different specs.
>
>
>
> I hope all of that makes sense.  I agree that this is a discussion worth
> having.
>
>
>
>                                                        -- Mike
>
>
>
> P.S.  RP-Initiated Logout isn’t affected either.
>
>
>
> *From:* Openid-specs-ab <openid-specs-ab-bounces at lists.openid.net> *On
> Behalf Of *Brian Campbell via Openid-specs-ab
> *Sent:* Wednesday, April 27, 2022 2:03 PM
> *To:* Andrii Deinega <andrii.deinega at gmail.com>
> *Cc:* Brian Campbell <bcampbell at pingidentity.com>; Artifact
> Binding/Connect Working Group <openid-specs-ab at lists.openid.net>
> *Subject:* Re: [Openid-specs-ab] [External Sender] Working Group Last
> Call for OpenID Connect Logout Specifications
>
>
>
> Yeah, back-channel isn't affected by 3rd party deprecation. I wrote "so
> much of the functionality" rather than "all of the functionality" in an
> attempt to raise the general question/concern without delving into or
> rehashing the specifics.
>
>
>
> On Wed, Apr 27, 2022 at 2:28 PM Andrii Deinega <andrii.deinega at gmail.com>
> wrote:
>
> Brian, OpenID Connect Back-Channel Logout 1.0 from these four drafts won't
> be affected by any changes with 3rd party cookies from browsers' vendors,
> right?  Although, it somehow overlaps or "duplicates" efforts with the SSE
> WG.
>
>
>
> Regards,
>
> Andrii
>
>
>
> On Wed, Apr 27, 2022 at 1:04 PM Brian Campbell via Openid-specs-ab <
> openid-specs-ab at lists.openid.net> wrote:
>
> I don't want to be too much of a wet blanket here but does it really make
> sense to push these through to Final knowing that changes to the treatment
> of 3rd party cookies in the browsers will break so much of the
> functionality they purport to provide?
>
>
>
> On Tue, Apr 19, 2022 at 7:08 AM George Fletcher via Openid-specs-ab <
> openid-specs-ab at lists.openid.net> wrote:
>
> I support publication
>
>
>
> On Mon, Apr 18, 2022 at 11:45 PM Mike Jones via Openid-specs-ab <
> openid-specs-ab at lists.openid.net> wrote:
>
> All tracked issues on the OpenID Connect logout specifications have been
> addressed.  These four specifications are:
>
>    - OpenID Connect RP-Initiated Logout 1.0
>    - OpenID Connect Session Management 1.0
>    - OpenID Connect Front-Channel Logout 1.0
>    - OpenID Connect Back-Channel Logout 1.0
>
>
>
> This note begins a two-week Working Group Last Call (WGLC) period for
> these specifications.  This WGLC agreed to on today’s working group call.
> If there are changes you’d like to see to them before the 60-day OpenID
> Foundation-wide review leading to them becoming Final Specifications,
> please file issues by Monday, May 2, 2022  at
> https://bitbucket.org/openid/connect/issues?status=new&status=open&component=Logout
> <https://urldefense.com/v3/__https:/bitbucket.org/openid/connect/issues?status=new&status=open&component=Logout__;!!FrPt2g6CO4Wadw!eZSysFDeWtjSoZANCkUPwo_uHJUWz3vriRcW0qTIw3WvE3X0l3gYJiKWQts_qC8GroMFmvE$>,
> tagging them with the component “Logout”.  Or if you don’t want any changes
> feel free to reply-all to this list saying that you support publication.
>
>
>
> The four specifications are at:
>
>    - https://openid.net/specs/openid-connect-rpinitiated-1_0-02.html
>    <https://urldefense.com/v3/__https:/openid.net/specs/openid-connect-rpinitiated-1_0-02.html__;!!FrPt2g6CO4Wadw!eZSysFDeWtjSoZANCkUPwo_uHJUWz3vriRcW0qTIw3WvE3X0l3gYJiKWQts_qC8GaKnMhKw$>
>    - https://openid.net/specs/openid-connect-session-1_0-31.html
>    <https://urldefense.com/v3/__https:/openid.net/specs/openid-connect-session-1_0-31.html__;!!FrPt2g6CO4Wadw!eZSysFDeWtjSoZANCkUPwo_uHJUWz3vriRcW0qTIw3WvE3X0l3gYJiKWQts_qC8G72BM7Rc$>
>    - https://openid.net/specs/openid-connect-frontchannel-1_0-05.html
>    <https://urldefense.com/v3/__https:/openid.net/specs/openid-connect-frontchannel-1_0-05.html__;!!FrPt2g6CO4Wadw!eZSysFDeWtjSoZANCkUPwo_uHJUWz3vriRcW0qTIw3WvE3X0l3gYJiKWQts_qC8GtYi8ZRo$>
>    - https://openid.net/specs/openid-connect-backchannel-1_0-07.html
>    <https://urldefense.com/v3/__https:/openid.net/specs/openid-connect-backchannel-1_0-07.html__;!!FrPt2g6CO4Wadw!eZSysFDeWtjSoZANCkUPwo_uHJUWz3vriRcW0qTIw3WvE3X0l3gYJiKWQts_qC8GyafPr70$>
>
>
>
> We look forward to your review comments!
>
>
>
>                             -- Mike (writing as a working group chair)
>
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
>
> https://urldefense.com/v3/__https://lists.openid.net/mailman/listinfo/openid-specs-ab__;!!FrPt2g6CO4Wadw!eZSysFDeWtjSoZANCkUPwo_uHJUWz3vriRcW0qTIw3WvE3X0l3gYJiKWQts_qC8Gn1tFsyo$
> <https://urldefense.com/v3/__https:/lists.openid.net/mailman/listinfo/openid-specs-ab__;!!FrPt2g6CO4Wadw!eZSysFDeWtjSoZANCkUPwo_uHJUWz3vriRcW0qTIw3WvE3X0l3gYJiKWQts_qC8Gn1tFsyo$>
>
> ------------------------------
>
>
> The information contained in this e-mail is confidential and/or
> proprietary to Capital One and/or its affiliates and may only be used
> solely in performance of work or services for Capital One. The information
> transmitted herewith is intended only for use by the individual or entity
> to which it is addressed. If the reader of this message is not the intended
> recipient, you are hereby notified that any review, retransmission,
> dissemination, distribution, copying or other use of, or taking of any
> action in reliance upon this information is strictly prohibited. If you
> have received this communication in error, please contact the sender and
> delete the material from your computer.
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> https://lists.openid.net/mailman/listinfo/openid-specs-ab
>
>
> *CONFIDENTIALITY NOTICE: This email may contain confidential and
> privileged material for the sole use of the intended recipient(s). Any
> review, use, distribution or disclosure by others is strictly prohibited.
> If you have received this communication in error, please notify the sender
> immediately by e-mail and delete the message and any file attachments from
> your computer. Thank you.*_______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> https://lists.openid.net/mailman/listinfo/openid-specs-ab
>
>
> *CONFIDENTIALITY NOTICE: This email may contain confidential and
> privileged material for the sole use of the intended recipient(s). Any
> review, use, distribution or disclosure by others is strictly prohibited.
> If you have received this communication in error, please notify the sender
> immediately by e-mail and delete the message and any file attachments from
> your computer. Thank you.*
>

-- 
_CONFIDENTIALITY NOTICE: This email may contain confidential and privileged 
material for the sole use of the intended recipient(s). Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately 
by e-mail and delete the message and any file attachments from your 
computer. Thank you._
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20220502/48d8cd14/attachment.html>

More information about the Openid-specs-ab mailing list