<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Hi Mike,<br>
<br>
where is the sid claim defined? And what is the meaing of SET
compliant?<br>
<br>
best regards,<br>
Torsten.<br>
<br>
<div class="moz-cite-prefix">Am 16.11.2016 um 17:25 schrieb Mike
Jones:<br>
</div>
<blockquote
cite="mid:BN3PR03MB2355A32E3A590485419673B3F5BE0@BN3PR03MB2355.namprd03.prod.outlook.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.apple-style-span
{mso-style-name:apple-style-span;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#002060;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060">“sid”
is no more event-specific than “iss” and “sub” are. All of
these are defined as top-level JWT claims across the Connect
spec family. This is been extensively discussed on working
group calls and on the list. The conclusion has always been
to keep the logout token claims usage parallel to that in
the ID Token. Unnecessary differences tend to be
counter-productive.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060">
-- Mike<o:p></o:p></span></p>
<p class="MsoNormal"><a moz-do-not-send="true"
name="_MailEndCompose"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060"><o:p> </o:p></span></a></p>
<span style="mso-bookmark:_MailEndCompose"></span>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">
Openid-specs-ab
[<a class="moz-txt-link-freetext" href="mailto:openid-specs-ab-bounces@lists.openid.net">mailto:openid-specs-ab-bounces@lists.openid.net</a>]
<b>On Behalf Of </b>Phil Hunt via Openid-specs-ab<br>
<b>Sent:</b> Wednesday, November 16, 2016 3:19 PM<br>
<b>To:</b> Torsten Lodderstedt
<a class="moz-txt-link-rfc2396E" href="mailto:torsten@lodderstedt.net"><torsten@lodderstedt.net></a><br>
<b>Cc:</b> <a class="moz-txt-link-abbreviated" href="mailto:openid-specs-ab@lists.openid.net">openid-specs-ab@lists.openid.net</a><br>
<b>Subject:</b> Re: [Openid-specs-ab] Backchannel Logout
& SET<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">+1…. but we might want to hold off till I
rev the SET draft based on today’s proposed format change
proposed by Justin on the idevents mailing list. <o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">I’ll try to get that published as quick
as I can.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"><span style="color:black">Phil<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="color:black">@independentid<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="color:black"><a
moz-do-not-send="true"
href="http://www.independentid.com"><a class="moz-txt-link-abbreviated" href="http://www.independentid.com">www.independentid.com</a></a><o:p></o:p></span></p>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><span style="color:black"><a
moz-do-not-send="true"
href="mailto:phil.hunt@oracle.com"><a class="moz-txt-link-abbreviated" href="mailto:phil.hunt@oracle.com">phil.hunt@oracle.com</a></a><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><o:p> </o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">On Nov 16, 2016, at 11:56 AM,
Torsten Lodderstedt via Openid-specs-ab <<a
moz-do-not-send="true"
href="mailto:openid-specs-ab@lists.openid.net"><a class="moz-txt-link-abbreviated" href="mailto:openid-specs-ab@lists.openid.net">openid-specs-ab@lists.openid.net</a></a>>
wrote:<o:p></o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal">Hi all,<br>
<br>
I wondering about the consequences of the following
statement: "NOTE: The Logout Token is compatible
with Security Event Token (SET)
[I‑D.hunt‑idevent‑token] draft -03."<br>
<br>
I think "sid" is an event-specific attribute and if
I understand SET correctly, it therefore needs to go
in the additional event data underneath an element "<a
moz-do-not-send="true"
href="http://schemas.openid.net/event/backchannel-logout"><a class="moz-txt-link-freetext" href="http://schemas.openid.net/event/backchannel-logout">http://schemas.openid.net/event/backchannel-logout</a></a>".<br>
<br>
I think the example<br>
<br>
{<br>
"iss": "<a moz-do-not-send="true"
href="https://server.example.com">https://server.example.com</a>",<br>
"sub": "248289761001",<br>
"aud": "s6BhdRkqt3",<br>
"iat": 1471566154,<br>
"jti": "bWJq",<br>
"sid": "08a5019c-17e1-4977-8f42-65a12843ea02",<br>
"events": [ "<a moz-do-not-send="true"
href="http://schemas.openid.net/event/backchannel-logout">http://schemas.openid.net/event/backchannel-logout</a>"
]<br>
}<br>
<br>
should modified to look as follows<br>
<br>
{<br>
"iss": "<a moz-do-not-send="true"
href="https://server.example.com">https://server.example.com</a>",<br>
"sub": "248289761001",<br>
"aud": "s6BhdRkqt3",<br>
"iat": 1471566154,<br>
"jti": "bWJq",<br>
"events": [ "<a moz-do-not-send="true"
href="http://schemas.openid.net/event/backchannel-logout">http://schemas.openid.net/event/backchannel-logout</a>"
]<br>
"<a moz-do-not-send="true"
href="http://schemas.openid.net/event/backchannel-logout">http://schemas.openid.net/event/backchannel-logout</a>":{<br>
"sid": "08a5019c-17e1-4977-8f42-65a12843ea02"<br>
}<br>
}<br>
<br>
What do you think?<br>
<br>
best regards,<br>
Torsten.<br>
_______________________________________________<br>
Openid-specs-ab mailing list<br>
<a moz-do-not-send="true"
href="mailto:Openid-specs-ab@lists.openid.net">Openid-specs-ab@lists.openid.net</a><br>
<a moz-do-not-send="true"
href="http://lists.openid.net/mailman/listinfo/openid-specs-ab">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a><o:p></o:p></p>
</div>
</div>
</blockquote>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</blockquote>
<br>
</body>
</html>