[Openid-specs-ab] First full HTML-based logout spec published

Thomas Broyer t.broyer at gmail.com
Mon Mar 9 23:11:28 UTC 2015


Session Management is not about "logout", more about "state change" to
trigger a re-auth and possibly get an error that will trigger a "logout at
the RP" (or to put it differently, "end of session").
The section about logout in Session Management is RP-Initiated logout at
the OP, whereas this spec is OP-Initiated logout (end of session) at the
RPs.
So "HTML-Based Logout" (as you mistyped almost everywhere: here, on your
blog, on twitter, on the openid.net web pages) would be much better than
"HTTP-Based Logout" IMO (what part of OIDC is not HTTP to begin with?), or
maybe "browser-based logout"? Or how about "OP-Initiated distributed
logout", or something about "notifying RPs of logout at the OP".

On Mon, Mar 9, 2015 at 6:15 PM Mike Jones <Michael.Jones at microsoft.com>
wrote:

> The title is currently "OpenID Connect HTTP-Based Logout 1.0".  It's HTTP,
> because it's HTTP methods such as GET that trigger the logouts.  If
> anything, the Session Management spec is really the one that's HTML-based
> logout, because it's using HTML5 postMessage calls to trigger the
> logouts.  (We'd discussed that on the Thursday working group call, in fact.)
>
> People are encouraged to keep thinking about the naming.  The current name
> is the best that the working group had come up with, to date, but a more
> compelling name would of course be great.
>
>                                 -- Mike
>
> -----Original Message-----
> From: Openid-specs-ab [mailto:openid-specs-ab-bounces at lists.openid.net]
> On Behalf Of mail at alfred-albrecht.net
> Sent: Saturday, March 07, 2015 12:32 AM
> To: openid-specs-ab at lists.openid.net
> Subject: Re: [Openid-specs-ab] First full HTML-based logout spec published
>
> Would it make sense to rename the spec to "HTML-based logout"? Or do you
> plan to define more logout techniques?
>
> Furthermore it seems that logout_supported is now http_logout_supported.
> Maybe a typo.
>
> --
> Alfred
>
> On 06.03.2015 at 08:25, Mike Jones wrote:
> > The first full version of the HTML-based logout spec is now published
> > at http://openid.net/specs/openid-connect-logout-1_0.html.  It's also
> > listed on the Connect page at http://openid.net/connect/, the working
> > group repository at http://openid.bitbucket.org/, and the working
> > group page at http://openid.net/wg/connect/.
> >
> > Semantic changes based on feedback since the 24-Feb-15 version are:
> >
> > *  Removed the "iss" query parameter.
> > *  Added an entropy requirement for "sid" values.
> > *  Renamed "logout_supported" to "html_logout_supported".
> >
> >                                 -- Mike
> >
> > _______________________________________________
> > Openid-specs-ab mailing list
> > Openid-specs-ab at lists.openid.net
> > http://lists.openid.net/mailman/listinfo/openid-specs-ab
> >