[Openid-specs-ab] OpenID Connect Logout specs addressing all known issues

Mike Jones Michael.Jones at microsoft.com
Sat Aug 8 03:48:36 UTC 2020

I've been systematically working through all the open issues filed about the OpenID Connect Logout specs in preparation for advancing them to Final Specification status.  I'm pleased to report that I've released drafts that address all these issues.  The new drafts are:

  *   OpenID Connect RP-Initiated Logout 1.0 - draft 01<https://openid.net/specs/openid-connect-rpinitiated-1_0-01.html>
  *   OpenID Connect Session Management 1.0 - draft 30<https://openid.net/specs/openid-connect-session-1_0-30.html>
  *   OpenID Connect Front-Channel Logout 1.0 - draft 04<https://openid.net/specs/openid-connect-frontchannel-1_0-04.html>
  *   OpenID Connect Back-Channel Logout 1.0 - draft 06<https://openid.net/specs/openid-connect-backchannel-1_0-06.html>

The OpenID Connect working group waited to make these Final Specifications until we received feedback resulting from certification of logout deployments.  Indeed, this feedback identified a few ambiguities and deficiencies in the specifications, which have been addressed in the latest edits.  You can see the certified logout implementations at https://openid.net/certification/.  We encourage you to likewise certify your implementations now.

Please see the latest History entries in the specifications for descriptions of the normative changes made.  The history entries list the issue numbers addressed.  The issues can be viewed in the OpenID Connect issue tracker<https://bitbucket.org/openid/connect/issues?status=new&status=open>, including links to the commits containing the changes that resolved them.

All are encouraged to review these drafts in advance of the formal OpenID Foundation review period for them, which should commence in a few weeks.  If you believe that changes are needed before they become Final Specifications, please file issues describing the proposed changes.  Discussion on the OpenID Connect mailing list<mailto:openid-specs-ab at lists.openid.net> is also encouraged.

Special thanks to Roland Hedberg<https://twitter.com/RolandHedberg> for writing the initial logout certification tests.  And thanks to Filip Skokan<https://twitter.com/_panva> for providing resolutions to two of the thornier Session Management issues.

                                                       -- Mike

P.S.  This notice was also posted at https://self-issued.info/?p=2115 and as @selfissued<https://twitter.com/selfissued>.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20200808/dbcc274f/attachment.html>

More information about the Openid-specs-ab mailing list