<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
</head>
<body>
<p>Thanks Mike, Roland and Filip. Having the RP-initiated logout in
a document on its own feels so much better now. I also like the
updated sections in each spec informing the pros / cons of each
approach.<br>
</p>
<p>Vladimir<br>
</p>
<div class="moz-cite-prefix">On 08/08/2020 06:48, Mike Jones via
Openid-specs-ab wrote:<br>
</div>
<blockquote type="cite"
cite="mid:MN2PR00MB0688A265D53F33445194BA99F5460@MN2PR00MB0688.namprd00.prod.outlook.com">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:239411415;
mso-list-type:hybrid;
mso-list-template-ids:-74658278 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal">I’ve been systematically working through
all the open issues filed about the OpenID Connect Logout
specs in preparation for advancing them to Final Specification
status. I’m pleased to report that I’ve released drafts that
address all these issues. The new drafts are:<o:p></o:p></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoListParagraph"
style="margin-left:0in;mso-list:l0 level1 lfo1"><a
href="https://openid.net/specs/openid-connect-rpinitiated-1_0-01.html"
moz-do-not-send="true">OpenID Connect RP-Initiated Logout
1.0 - draft 01</a><o:p></o:p></li>
<li class="MsoListParagraph"
style="margin-left:0in;mso-list:l0 level1 lfo1"><a
href="https://openid.net/specs/openid-connect-session-1_0-30.html"
moz-do-not-send="true">OpenID Connect Session Management
1.0 - draft 30</a><o:p></o:p></li>
<li class="MsoListParagraph"
style="margin-left:0in;mso-list:l0 level1 lfo1"><a
href="https://openid.net/specs/openid-connect-frontchannel-1_0-04.html"
moz-do-not-send="true">OpenID Connect Front-Channel Logout
1.0 - draft 04</a><o:p></o:p></li>
<li class="MsoListParagraph"
style="margin-left:0in;mso-list:l0 level1 lfo1"><a
href="https://openid.net/specs/openid-connect-backchannel-1_0-06.html"
moz-do-not-send="true">OpenID Connect Back-Channel Logout
1.0 - draft 06</a><o:p></o:p></li>
</ul>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">The OpenID Connect working group waited to
make these Final Specifications until we received feedback
resulting from certification of logout deployments. Indeed,
this feedback identified a few ambiguities and deficiencies in
the specifications, which have been addressed in the latest
edits. You can see the certified logout implementations at
<a href="https://openid.net/certification/"
moz-do-not-send="true">https://openid.net/certification/</a>.
We encourage you to likewise certify your implementations now.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Please see the latest History entries in
the specifications for descriptions of the normative changes
made. The history entries list the issue numbers addressed.
The issues can be viewed in the
<a
href="https://bitbucket.org/openid/connect/issues?status=new&status=open"
moz-do-not-send="true">OpenID Connect issue tracker</a>,
including links to the commits containing the changes that
resolved them.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><b><i>All are encouraged to review these
drafts</i></b> in advance of the formal OpenID Foundation
review period for them, which should commence in a few weeks.
If you believe that changes are needed before they become
Final Specifications, please file issues describing the
proposed changes. Discussion on the <a
href="mailto:openid-specs-ab@lists.openid.net"
moz-do-not-send="true">
OpenID Connect mailing list</a> is also encouraged.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Special thanks to <a
href="https://twitter.com/RolandHedberg"
moz-do-not-send="true">
Roland Hedberg</a> for writing the initial logout
certification tests. And thanks to
<a href="https://twitter.com/_panva" moz-do-not-send="true">Filip
Skokan</a> for providing resolutions to two of the thornier
Session Management issues.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">
-- Mike<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">P.S. This notice was also posted at <a
href="https://self-issued.info/?p=2115"
moz-do-not-send="true">
https://self-issued.info/?p=2115</a> and as <a
href="https://twitter.com/selfissued" moz-do-not-send="true">
@selfissued</a>.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</blockquote>
<br>
</body>
</html>