[Openid-specs-ab] Contributing RP libraries to the Connect WG

Mike Jones Michael.Jones at microsoft.com
Sat Jun 2 01:07:46 UTC 2018

Frankly, I would expect that a Back-Channel Logout implementation built using these libraries would use the JWT support directly and then process the “events” claim with its “http://schemas.openid.net/event/backchannel-logout” element directly in the implementation, just as they would be directly processing the “sid” claim.  There would be no SET layer – rather, simply a direct implementation of the Logout Token as a JWT with a particular set of claims.  If I were writing the code, that’s certainly how I’d do it.

The working group could decide whether to also commission the implementation of logout functionality after these libraries are contributed, but it’s not reasonable to make that functionality a requirement at this stage, especially given that the logout specs are not final specifications yet.  (There are also no certification tests for the logout functionality yet – something on the certification roadmap, but not yet done.)  Rather, I think we should applaud Google for sponsoring work on three high-quality libraries, getting them certified, and contributing them to the OpenID Connect working group.

The other thing the working group could also consider in the future is whether to commission the creation of additional libraries – such as .NET, Ruby, and PHP libraries.  But not having those shouldn’t stand in the way of accepting the ones that are available, once they’re done.

                                                                -- Mike

From: Openid-specs-ab <openid-specs-ab-bounces at lists.openid.net> On Behalf Of Phil Hunt via Openid-specs-ab
Sent: Friday, June 1, 2018 5:54 PM
To: openid-specs-ab at lists.openid.net
Subject: Re: [Openid-specs-ab] Contributing RP libraries to the Connect WG

I would like to see this planned for inclusion of SET and the backchannel logout and RISC drafts.

It would seem wasteful to have two libraries that are 98% the same given SETs dependence on JWT.

On May 31, 2018, at 12:26 PM, Mike Jones via Openid-specs-ab <openid-specs-ab at lists.openid.net<mailto:openid-specs-ab at lists.openid.net>> wrote:
As many of you know, Google has commissioned the creation of high-quality JWT/OpenID Connect RP libraries in Python, Java, and JavaScript.  Just as the AppAuth libraries were previously contributed to the OpenID Connect working group, Google would like to contribute these to the working group when they are ready.  The Python library has already achieved certification and is ready.

As board secretary, I’ve been working with them on some of the logistics of this.  The proposed GitHub project names are:


These are intentionally somewhat parallel to these existing project names:


Core maintainers/committers/reviewers would be identified for each library at the time of its contribution.  Roland Hedberg would be in this set for the Python library.

This note is to inform the working group of this possibility and to solicit feedback from the working group, since these would become a project of the working group.

                                                                --- Mike

Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net<mailto:Openid-specs-ab at lists.openid.net>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20180602/47026d5e/attachment-0001.html>

More information about the Openid-specs-ab mailing list