[Openid-specs-ab] Review of Proposed Implementer’s Drafts of OpenID Connect Logout Specifications

Filip panva.ip at gmail.com
Mon Feb 13 18:29:41 UTC 2017


Hello Mike, everyone,

I summarized my findings and showcased an example cookie-based
implementation of the affected session management OP frame in Issue #1003. The
example shows how cookie-based implementations may mitigate the nasty
side effect of endless "changed" states returned to the RP.

Best,
*Filip Skokan*

On Sun, Feb 5, 2017 at 7:26 PM, Mike Jones <Michael.Jones at microsoft.com>
wrote:

> Hi Filip,
>
>
>
> The main thing needed is for someone to clearly and concisely write down a
> description of the limitations and for the working group to review.  Then
> it can be added to the specifications in the future.
>
>
>
> There’s an issue about this at
> https://bitbucket.org/openid/connect/issues/1003/document-possible-impacts-of-disabling
> but it hasn’t been assigned to anyone.  If you’d like to take a crack at it, have at it.
> You could add the proposed text directly to the issue.
>
>
>
> The good news is that adding this text wouldn’t change what the
> specifications do or how they work, so doing so wouldn’t be a breaking
> change later.  It would simply be commentary on how implementations will
> work (or not) in certain environments.  Also, note that these are proposed
> to be Implementer’s Drafts – not Final Specifications.  So there will be
> plenty of time in the future to add this commentary once there is working
> group consensus on what we actually want to say.
>
>
>
> Thanks for bringing this issue back up.
>
>
>
> Best wishes,
> -- Mike
>
>
>
> *From:* Filip [mailto:panva.ip at gmail.com]
> *Sent:* Sunday, February 5, 2017 12:52 AM
> *To:* Mike Jones <Michael.Jones at microsoft.com>;
> openid-specs-ab at lists.openid.net
> *Subject:* Re: [Openid-specs-ab] Review of Proposed Implementer’s Drafts
> of OpenID Connect Logout Specifications
>
>
>
> When would the notes about limitations coming from third party cookie
> disabled browsers make their way to the specifications? (session and
> frontchannel).
>
>
> Best,
> *Filip Skokan*
>
>
>
> On Sun, Feb 5, 2017 at 12:48 AM, Mike Jones via Openid-specs-ab <
> openid-specs-ab at lists.openid.net> wrote:
>
> The OpenID Connect Working Group recommends approval of the following
> specifications as OpenID Implementer’s Drafts:
>
> ·       Session Management
> <http://openid.net/specs/openid-connect-session-1_0-28.html> – Defines
> how to manage OpenID Connect sessions, including postMessage-based logout
> functionality
>
> ·       Front-Channel Logout
> <http://openid.net/specs/openid-connect-frontchannel-1_0-02.html> –
> Defines a front-channel logout mechanism that does not use an OP iframe on
> RP pages
>
> ·       Back-Channel Logout
> <http://openid.net/specs/openid-connect-backchannel-1_0-04.html> –
> Defines a logout mechanism that uses back-channel communication between the
> OP and RPs being logged out
>
> Each of these protocols communicates logout requests from OpenID Providers
> to Relying Parties, but using different mechanisms that are appropriate for
> different use cases. See the Introduction section of each of the
> specifications for descriptions of the mechanisms used and comparisons
> between them. All the specifications share a common mechanism for
> communicating logout requests from Relying Parties to OpenID Providers.
>
> An Implementer’s Draft is a stable version of a specification providing
> intellectual property protections to implementers of the specification.
> This note starts the 45-day public review period for the specification
> drafts in accordance with the OpenID Foundation IPR policies and
> procedures. This review period will end on Tuesday, March 21, 2017. Unless
> issues are identified during the review that the working group believes
> must be addressed by revising the drafts, this review period will be
> followed by a seven-day voting period during which OpenID Foundation
> members will vote on whether to approve these drafts as OpenID
> Implementer’s Drafts. For the convenience of members, voting may begin up
> to two weeks before March 21st, with the voting period still ending on
> Tuesday, March 28, 2017.
>
> These specifications are available at:
>
> ·       http://openid.net/specs/openid-connect-session-1_0-28.html
>
> ·       http://openid.net/specs/openid-connect-frontchannel-1_0-02.html
>
> ·       http://openid.net/specs/openid-connect-backchannel-1_0-04.html
>
> A description of OpenID Connect can be found at http://openid.net/connect/.
> The working group page is http://openid.net/wg/connect/. Information on
> joining the OpenID Foundation can be found at
> https://openid.net/foundation/members/registration. If you’re not a
> current OpenID Foundation member, please consider joining to participate in
> the approval vote.
>
> You can send feedback on the specifications in a way that enables the
> working group to act upon your feedback by (1) signing the contribution
> agreement at http://openid.net/intellectual-property/ to join the working
> group (please specify that you are joining the “AB+Connect” working group
> on your contribution agreement), (2) joining the working group mailing list
> at http://lists.openid.net/mailman/listinfo/openid-specs-ab, and (3)
> sending your feedback to the list.
>
> — Michael B. Jones – OpenID Foundation Board Secretary
>
> P.S.  This notice was also posted at
> http://openid.net/2017/02/04/review-of-proposed-implementers-drafts-of-openid-connect-logout-specifications/
> and as @openid <https://twitter.com/openid>.