[Openid-specs-ab] Feedback on failed RP logouts to OP wanted

Nat Sakimura sakimura at gmail.com
Fri Feb 26 03:52:19 UTC 2016


We need to define what the logout_uri responses are just like you did with
img, I suppose.

Look forward to the developer feedback.


2016年2月26日(金) 10:40 Mike Jones <Michael.Jones at microsoft.com>:

> I’ve received feedback on the front-channel logout spec that it doesn’t
> satisfy a business/legal requirement to notify the end-user when logout
> fails, if the failure is detected.  The -00 version of logout used image
> GETs by default, which returned either a 200 or failure status code, so
> there was a means of signaling failures.  See
> http://openid.net/specs/openid-connect-logout-1_0-00.html#RPLogout.  This
> was removed as a simplification in -01 in favor of always using iframes.
>
>
>
> A developer at Microsoft plans to prototype another possible means of
> reporting failures – using HTML5 postMessage and report back to us on his
> experience.  I told him that he should do it in a way that supporting it is
> optional.
>
>
>
> I’d be interested in other’s thoughts on this topic.
>
>
>
>                                                                 -- Mike
>
>
>
> *From:* Openid-specs-ab [mailto:openid-specs-ab-bounces at lists.openid.net] *On
> Behalf Of *Mike Jones
> *Sent:* Saturday, February 20, 2016 2:58 AM
> *To:* openid-specs-ab at lists.openid.net
> *Subject:* [Openid-specs-ab] HTTP-Based Logout renamed to Front-Channel
> Logout
>
>
>
> Carrying out a working group decision from a while ago, the OpenID Connect
> HTTP-Based Logout specification has been renamed to OpenID Connect
> Front-Channel Logout.  It is now much parallel to the OpenID Connect
> Back-Channel Logout specification.  The renamed specification is available
> at http://openid.net/specs/openid-connect-frontchannel-1_0.html.
> “frontchannel_” prefixes were also added to the discovery and registration
> identifiers, again, paralleling the corresponding “backchannel_” prefixes
> in the Back-Channel specification.
>
>
>
> The three logout specifications now all reference one another and describe
> the relationships between them.
>
>
>
> The next step the working group should probably take to progress the
> logout specifications is to reconcile the different session identifier
> definitions contained in them.  This renaming also helps us progress on the
> errata process, since we’d decided to add the Front-Channel and
> Back-Channel specifications to the set of referenced related specifications.
>
>
>
>                                                           -- Mike
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20160226/c1a28355/attachment.html>


More information about the Openid-specs-ab mailing list