<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.apple-style-span
{mso-style-name:apple-style-span;}
span.apple-converted-space
{mso-style-name:apple-converted-space;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#002060;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060">This reply is being written wearing my board secretary hat, in order to clear up several points of possible confusion created by Phil’s note.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060">Phil, the question before the foundation membership is whether the OpenID Foundation membership wants there to be intellectual property protections for implementers
of <a href="http://openid.net/specs/openid-connect-session-1_0-28.html">openid-connect-session-1_0-28.html</a>,
<a href="openid-connect-frontchannel-1_0-02.html">openid-connect-frontchannel-1_0-02.html</a>, and
<a href="http://openid.net/specs/openid-connect-backchannel-1_0-04.html">openid-connect-backchannel-1_0-04.html</a>. The question is
<i>not</i> being asked whether the membership believes that these should become OpenID Final Specifications. People should vote their positions on the intellectual property protection question (while also separately providing technical feedback to the working
group, should they decide to do that).<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060">There is
<i>not</i> an option to vote separately on the three specifications. As is typically done with closely related specifications, the options are to Approve, Reject, or Abstain on the question of providing intellectual property protections for all three specifications.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060">Phil, as a working group member who participated in the decision to ask for intellectual property protections for this bundle of related specifications (see the
<a href="http://lists.openid.net/pipermail/openid-specs-ab/Week-of-Mon-20170116/006422.html">
January 19, 2017 working group call notes</a>), I’m surprised that you would now oppose those protections, but it’s obviously up to you how you vote. The logical time to raise objections within the working group would have been during the
<a href="http://lists.openid.net/pipermail/openid-specs-ab/Week-of-Mon-20170123/006428.html">
one-week review of the Candidate proposed OpenID Connect logout Implementer's Drafts</a>, which was announced by e-mail to the working group on January 25, 2017, before the foundation-wide public review period. No objections were raised by anyone, and so
<a href="http://openid.net/2017/02/04/review-of-proposed-implementers-drafts-of-openid-connect-logout-specifications/">
the foundation-wide review was announced</a> on February 4, 2017.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060">To be clear, while writing as board secretary, I am intentionally not taking a position on any of the technical points that Phil is raising. The working group
can and should discuss these, but they are not the subject of this thread.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060"> -- Mike (OpenID Foundation Board Secretary)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060">P.S. Phil, I’ll respond privately to your “</span>Which account do we log in with?<span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060">”
question.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Phil Hunt [mailto:phil.hunt@oracle.com]
<br>
<b>Sent:</b> Thursday, March 16, 2017 3:24 PM<br>
<b>To:</b> Mike Jones <Michael.Jones@microsoft.com><br>
<b>Cc:</b> openid-specs-ab@lists.openid.net<br>
<b>Subject:</b> Re: [Openid-specs-ab] Vote to approve logout Implementer's Drafts<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">With regards to the Backchannel Logout spec, I urge a vote of NO to moving forward at this time.<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Approving the Backchannel Logout is premature given that SET, which Backchannel depends on, has not been through WGLC.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">I believe there are issues in the SET draft which need to be resolved first that may result in normative changes. For example, differentiation of SETs (Logout Events) from ID Tokens and Access tokens.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">The Backchannel Logout draft causes confusion as to whether it is a command or an event. We have not had good discussion on the differences in intent. A Logout Event should simply say session X was canceled by an issuer. It is not a command
to a third party though the expectation is that often policy at the receiver will cause that effect.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">I believe there are many use cases where relying parties (clients) will also want to signal logouts. Though there may not be a need to affect a single-sign-out but rather a need to co-ordinate UX. Even when session cancellation is not propagated
to other clients it may be useful for the OP to know that a particular client needs a new token in order to establish a new session.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Regardless of whether these are valid concerns, I believe we need to continue to discuss the scope of use cases the draft should address. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Phil<o:p></o:p></p>
</div>
<div>
<div>
<p class="MsoNormal"><span style="color:black">Oracle Corporation, Identity Cloud Architect & Standards<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">@independentid<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"><a href="http://www.independentid.com">www.independentid.com</a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"><a href="mailto:phil.hunt@oracle.com">phil.hunt@oracle.com</a><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">On Mar 16, 2017, at 11:55 AM, Mike Jones via Openid-specs-ab <<a href="mailto:openid-specs-ab@lists.openid.net">openid-specs-ab@lists.openid.net</a>> wrote:<o:p></o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">As described at<span class="apple-converted-space"> </span><a href="http://openid.net/2017/03/07/notice-of-vote-for-implementers-drafts-of-openid-connect-logout-specifications/"><span style="color:#954F72">http://openid.net/2017/03/07/notice-of-vote-for-implementers-drafts-of-openid-connect-logout-specifications/</span></a>,
the vote to approve the Implementer’s Drafts of the three logout specs is under way. There’s a quorum requirement for approval, so if you’re an OpenID Foundation member, please participate in the vote now at<span class="apple-converted-space"> </span><a href="https://openid.net/foundation/members/polls/111"><span style="color:#954F72">https://openid.net/foundation/members/polls/111</span></a>.
(And if you’re not a member, the page says how you can become a member and vote.)<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Implementer’s Drafts are not final specifications – they are stable versions for people to use for interop testing and early deployments. Additional changes incorporating
developer feedback are still possible after the specifications become Implementer’s Drafts.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Thanks,<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> -- Mike<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">(writing as OpenID Foundation Board Secretary)<o:p></o:p></span></p>
</div>
</div>
</blockquote>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</body>
</html>