[Openid-specs-ab] OpenID Connect session management discussion 24-Oct-12

Mike Jones Michael.Jones at microsoft.com
Wed Oct 24 18:12:52 UTC 2012


OpenID Connect session management discussion 24-Oct-12

9:30-10:30 IIW session, Room B

Breno de Medeiros gave a tutorial on the current session management model

Mike Jones let the audience know that the purpose of the session is to refine the contents of the OpenID session management spec:
               http://openid.net/specs/openid-connect-session-1_0.html

Issue:  Is "ops" a separate parameter?
               We decided that it should be a separate parameter from the ID Token

Google implementation feedback:  RPs are likely to hold on to "ops" as a cookie so we should make sure that it's safe to do so
               Safe across multiple tabs from same RP
               Safe for users by respecting cookie same-origin policy

We should add a JavaScript origin to the crypto function that computes the ops
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20121024/3cdd9651/attachment.html>


More information about the Openid-specs-ab mailing list