[Openid-specs-ab] Issue #1017: Session management: RP-init logout: Proposal for optional ui_locales parameter (openid/connect)

Filip Skokan panva.ip at gmail.com
Mon May 29 16:51:54 UTC 2017


It is not uncommon that the OP asks the user to confirm the RP-initiated logout
if the request is missing an id_token_hint; I assume the locale is meant
for this confirmation. There are several mentions of an OP confirmation
prompt in Session Management:

[1] in section 5: "At the logout endpoint, the OP SHOULD ask the End-User
whether he wants to log out of the OP as well. If the End-User says "yes",
then the OP MUST log out the End-User."
[2] in section 8: "Logout requests without a valid id_token_hint value are
a potential means of denial of service; therefore, OPs may want to require
explicit user confirmation before acting upon them."

Best,
*Filip*

On Mon, May 29, 2017 at 6:22 PM, Sergey Beryozkin via Openid-specs-ab <
openid-specs-ab at lists.openid.net> wrote:

> Hi Vladimir
>
> We've only prototyped the code around the RP-initiated logout spec text,
> hence the question, in this flow, it is actually the RP-controlled endpoint
> that has the user being redirected to it, once OIDC completes this
> RP-initiated logout request, and this RP endpoint will display the message.
> So is it something that it is not that OIDC can control, which Locale to
> use?
> I may've missed something with respect to how this flow actually works
> though...
>
> Thanks, Sergey
>
>
> On 29/05/17 16:28, Vladimir Dzhuvinov via Openid-specs-ab wrote:
>
>> New issue 1017: Session management: RP-init logout: Proposal for optional
>> ui_locales parameter
>> https://bitbucket.org/openid/connect/issues/1017/session-management-rp-init-logout-proposal
>>
>> Vladimir Dzhuvinov:
>>
>> At the end-session endpoint the end-user typically needs to be presented
>> with a confirmation dialog. For that reason I would like to propose a new
>> optional parameter for the RP-initiated logout request -- "ui_locales",
>> identical to the one already available for OpenID authentication requests.
>>
>> We can reuse the description in Core for that:
>>
>> ui_locales
>>>     OPTIONAL. End-User's preferred languages and scripts for the user
>>> interface, represented as a space-separated list of BCP47 [RFC5646]
>>> language tag values, ordered by preference. For instance, the value "fr-CA
>>> fr en" represents a preference for French as spoken in Canada, then French
>>> (without a region designation), followed by English (without a region
>>> designation). An error SHOULD NOT result if some or all of the requested
>>> locales are not supported by the OpenID Provider.
>>>
>>
>>
>> _______________________________________________
>> Openid-specs-ab mailing list
>> Openid-specs-ab at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>
>>
>
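
Added example, not part of the original thread or of any OP's code: one way an OP could pick the language of the logout confirmation prompt from the proposed ui_locales parameter, and require that prompt when id_token_hint is missing or invalid. SUPPORTED, pick_locale, plan_logout and hint_is_valid are hypothetical names; skipping the prompt when the hint is valid is an assumed OP policy, and the fallback is a simplified form of RFC 4647 lookup.

```python
import re

# Assumption: locales this hypothetical OP has translations for.
SUPPORTED = ("en", "fr", "de-CH")
DEFAULT_LOCALE = "en"
# Conservative shape check for a language tag: alphanumeric subtags joined
# by "-". Anything else is ignored rather than rejected with an error.
_TAG = re.compile(r"[A-Za-z]{2,8}(-[A-Za-z0-9]{1,8})*")


def pick_locale(ui_locales, supported=SUPPORTED, default=DEFAULT_LOCALE):
    """Return the first supported locale for a space-separated ui_locales value.

    Each requested tag is tried as given, then with trailing subtags removed
    ("fr-CA" falls back to "fr"). Unsupported or malformed tags never raise;
    the OP default is used instead, as the parameter description asks.
    """
    by_lower = {s.lower(): s for s in supported}
    for tag in (ui_locales or "").split()[:10]:  # cap work on oversized input
        if not _TAG.fullmatch(tag):
            continue
        parts = tag.lower().split("-")
        while parts:
            hit = by_lower.get("-".join(parts))
            if hit:
                return hit
            parts.pop()
    return default


def plan_logout(params, hint_is_valid):
    """Decide how the OP answers an RP-initiated logout request.

    params: parsed query parameters of the request (dict of str).
    hint_is_valid: hypothetical callable that verifies an id_token_hint
    (signature, issuer, matching session); its implementation is out of scope.
    """
    hint = params.get("id_token_hint")
    trusted = bool(hint) and hint_is_valid(hint)
    return {
        # Without a valid hint the request is unauthenticated, so the
        # End-User is asked before any session is ended.
        "action": "logout" if trusted else "confirm",
        "locale": pick_locale(params.get("ui_locales")),
    }
```
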