[Openid-specs-ab] [E] Re: [External Sender] Working group review of OpenID Connect Native SSO for Mobile Apps specification

Naveen CM mnaveen at yahooinc.com
Wed Sep 21 19:09:44 UTC 2022


Hi George,

How do we handle user logout from one device?
Will getting a new refresh token using the existing refresh token help
solve the naming and revoke token for a specific device?

With regards,
Naveen CM

On Wed, Sep 21, 2022 at 9:18 AM Tom Jones via Openid-specs-ab <
openid-specs-ab at lists.openid.net> wrote:

> George: I understand what issue you are trying to solve. But my comment is
> that we need to take the view from the RP.
>
> What is it exactly that the RP needs to know about their registered users
> to be able to recognize them no matter what device they are using?
>
> ..tom
>
>
> On Wed, Sep 21, 2022 at 8:57 AM George Fletcher <
> george.fletcher at capitalone.com> wrote:
>
>> I agree with you Karl regarding not solving the issue of the user having
>> the same app (public client) installed on multiple devices and wanting to
>> revoke just one of the devices. Usually this hits snags if the user is
>> required to "name" the device.
>>
>> Of course, Dynamic Client Registration can solve the "identification" of
>> the device problem.. but the naming side of it still exists.
>>
>> Thanks for the clarification on how it's being used. For me the bigger
>> question is do we want a spec that solves the cross-device SSO problem (in
>> most cases this is a new device use case).
>>
>> Tom, I think passkeys and authentication at that level is orthogonal to
>> this spec. It is addressing how the user authenticates where this spec is
>> about sharing the authentication state once the user has authenticated. Is
>> that fair?
>>
>> Thanks,
>> George
>>
>> On Wed, Sep 21, 2022 at 11:36 AM Tom Jones via Openid-specs-ab <
>> openid-specs-ab at lists.openid.net> wrote:
>>
>>> The talk raised larger issues.  Since the big guys support cross device
>>> and webauth is device only (AFAIK) how is an RP able to keep track of
>>> people if devices/big guys are in the ID mix?
>>>
>>> ..tom
>>>
>>>
>>> On Wed, Sep 21, 2022 at 8:27 AM Karl McGuinness via Openid-specs-ab <
>>> openid-specs-ab at lists.openid.net> wrote:
>>>
>>>> This talk was more aspirational with cross-device scenarios with
>>>> keychain.  We currently only have customers in production using the
>>>> intended native app to app (app suite) on a single device use case.
>>>>
>>>> Interested to hear the feedback.  The lack of an interoperable way to tag
>>>> a refresh token with “device_id” or “device_name” is a common gap today
>>>> with users using the same app (client_id) across their devices (e.g. phone
>>>> and tablet) which is much more common with public clients and wanting to
>>>> revoke tokens for a specific device that I’m surprised we haven’t resolved
>>>> yet in some other OAuth spec (don’t see any registrations in
>>>> https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#parameters
>>>> ).
>>>>
>>>> -Karl
>>>>
>>>> On Sep 20, 2022, at 11:02 AM, George Fletcher via Openid-specs-ab <
>>>> openid-specs-ab at lists.openid.net> wrote:
>>>>
>>>> For those that missed this talk (Frictionless authentication with
>>>> mobile single-sign-on; https://www.youtube.com/watch?v=8BkblIYjegk)
>>>> at Identiverse in June... it covers an additional use case for the native
>>>> sso spec. I'd like to discuss this aspect as well on 9/22. I suspect some
>>>> additional text in the spec may be required to address this use case.
>>>>
>>>> Thanks,
>>>> George
>>>>
>>>> On Fri, Sep 9, 2022 at 4:46 PM Mike Jones via Openid-specs-ab <
>>>> openid-specs-ab at lists.openid.net> wrote:
>>>>
>>>>> It was decided at yesterday’s working group call to advance the OpenID
>>>>> Connect Native SSO for Mobile Apps specification to Implementer’s Draft
>>>>> status.  Prior to the foundation-wide review, please review the
>>>>> specification at
>>>>> https://openid.net/specs/openid-connect-native-sso-1_0.html
>>>>> and file any issues at
>>>>> https://bitbucket.org/openid/connect/issues?status=new&status=open.
>>>>> Please complete your reviews in time for the working group call on
>>>>> Thursday, September 22nd.
>>>>>
>>>>>
>>>>>
>>>>>                                                        -- Mike
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Openid-specs-ab mailing list
>>>>> Openid-specs-ab at lists.openid.net
>>>>>
>>>>> https://lists.openid.net/mailman/listinfo/openid-specs-ab
>>>>>
>>>>>
>>>> ------------------------------
>>>>
>>>>
>>>> The information contained in this e-mail is confidential and/or
>>>> proprietary to Capital One and/or its affiliates and may only be used
>>>> solely in performance of work or services for Capital One. The information
>>>> transmitted herewith is intended only for use by the individual or entity
>>>> to which it is addressed. If the reader of this message is not the intended
>>>> recipient, you are hereby notified that any review, retransmission,
>>>> dissemination, distribution, copying or other use of, or taking of any
>>>> action in reliance upon this information is strictly prohibited. If you
>>>> have received this communication in error, please contact the sender and
>>>> delete the material from your computer.
>>>>
>>>>
>> ------------------------------
>>
>> The information contained in this e-mail is confidential and/or
>> proprietary to Capital One and/or its affiliates and may only be used
>> solely in performance of work or services for Capital One. The information
>> transmitted herewith is intended only for use by the individual or entity
>> to which it is addressed. If the reader of this message is not the intended
>> recipient, you are hereby notified that any review, retransmission,
>> dissemination, distribution, copying or other use of, or taking of any
>> action in reliance upon this information is strictly prohibited. If you
>> have received this communication in error, please contact the sender and
>> delete the material from your computer.
>>
>>
>>
>>
>> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
>
> https://urldefense.com/v3/__https://lists.openid.net/mailman/listinfo/openid-specs-ab__;!!Op6eflyXZCqGR5I!BOik3Q53vaPilyGJsNr3JzTsEh8FKLVs3ppm36VUKgOzZKO5sBQe5U57R8EuLTJomNxtSWTSJc8NLLglsXq5h-ebFOjXe2U$
>
>