[Openid-specs-ab] Feedback on failed RP logouts to OP wanted
Michael.Jones at microsoft.com
Fri Feb 26 01:40:34 UTC 2016
I've received feedback on the front-channel logout spec that it doesn't satisfy a business/legal requirement to notify the end-user when logout fails, if the failure is detected. The -00 version of logout used image GETs by default, which returned either a 200 or failure status code, so there was a means of signaling failures. See http://openid.net/specs/openid-connect-logout-1_0-00.html#RPLogout. This was removed as a simplification in -01 in favor of always using iframes.
A developer at Microsoft plans to prototype another possible means of reporting failures - using HTML5 postMessage and report back to us on his experience. I told him that he should do it in a way that supporting it is optional.
I'd be interested in others' thoughts on this topic.
From: Openid-specs-ab [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Mike Jones
Sent: Saturday, February 20, 2016 2:58 AM
To: openid-specs-ab at lists.openid.net
Subject: [Openid-specs-ab] HTTP-Based Logout renamed to Front-Channel Logout
Carrying out a working group decision from a while ago, the OpenID Connect HTTP-Based Logout specification has been renamed to OpenID Connect Front-Channel Logout. It is now much parallel to the OpenID Connect Back-Channel Logout specification. The renamed specification is available at http://openid.net/specs/openid-connect-frontchannel-1_0.html. "frontchannel_" prefixes were also added to the discovery and registration identifiers, again, paralleling the corresponding "backchannel_" prefixes in the Back-Channel specification.
The three logout specifications now all reference one another and describe the relationships between them.
The next step the working group should probably take to progress the logout specifications is to reconcile the different session identifier definitions contained in them. This renaming also helps us progress on the errata process, since we'd decided to add the Front-Channel and Back-Channel specifications to the set of referenced related specifications.