[Openid-specs-ab] OpenID Connect session management discussion 24-Oct-12
Michael.Jones at microsoft.com
Wed Oct 24 18:12:52 UTC 2012
OpenID Connect session management discussion 24-Oct-12
9:30-10:30 IIW session, Room B
Breno de Medeiros gave a tutorial on the current session management model
Mike Jones let the audience know that the purpose of the session is to refine the contents of the OpenID session management spec:
Issue: Is "ops" a separate parameter?
We decided that it should be a separate parameter from the ID Token
Google implementation feedback: RPs are likely to hold on to "ops" as a cookie so we should make sure that it's safe to do so
Safe across multiple tabs from same RP
Safe for users by respecting cookie same-origin policy
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-ab