<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">(Speaking as someone who has always tried to steer people away from iframe mechanisms)<br class=""><div><br class=""></div><div>My ideal outcome would be evolution on a timeline where browsers would:</div><div>1. Keep RPs/SPs/clients working with ideally minimal degradation if no changes are made</div><div>2. Have IDPs/OPs/ASs work with potentially significant user impact/degradation if no changes are made</div><div>3. Propose alternatives, involving changes for all parties, providing overall better user experience.</div><div><br class=""></div><div>I would hope we have proposals that go beyond iframe scenarios, but the efforts to keep them working is an effort to reduce the number of deployed applications which need to be modified, and the urgency by which they need to be changed.</div><div><br class=""></div><div>-DW</div><div><br class=""><blockquote type="cite" class=""><div class="">On Jul 5, 2021, at 9:35 AM, Brock Allen via Openid-specs-ab <<a href="mailto:openid-specs-ab@lists.openid.net" class="">openid-specs-ab@lists.openid.net</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div id="__MailbirdStyleContent" style="font-size: 10pt; font-family: "Lucida Console"; text-align: left;" dir="ltr" class="">
Thanks for the write up, Tim.<div class=""><br class=""></div><div class="">General question I've been meaning to ask for the past few months -- I notice a bunch of effort is being put into thinking about the iframe scenarios (OIDC front-channel logout, JS token renewal, JS check session notification).</div><div class=""><br class=""></div><div class="">Given that some browsers have already broken those scenarios, why would anyone keep putting effort into them? If ~10%+ of your user base can't use these features given their browser preference, then as an application/identity architect I'd conclude that I can'<span style="font-size: 10pt" class="">t use them at all in my design.</span></div><div class=""><span style="font-size: 10pt" class=""><br class=""></span></div><div class=""><span style="font-size: 10pt" class="">My current thinking is that if you have a cross-site IdP, then your web app must have a back-end, use refresh tokens, and back channel logout to simply function these days.</span></div><div class=""><span style="font-size: 10pt" class=""><br class=""></span></div><div class=""><span style="font-size: 10pt" class="">What am I missing?</span></div><div class=""><div class=""><br class=""></div><div class="mb_sig"><span style="font-family: Lucida Console;font-size: 10pt" class="">-Brock</span></div><blockquote class="history_container" type="cite" style="border-left-style:solid;border-width:1px; margin-top:20px; margin-left:0px;padding-left:10px;"><p style="color: #AAAAAA; margin-top: 10px;" class="">On 6/30/2021 3:54:09 PM, Tim Cappalli via Openid-specs-ab <<a href="mailto:openid-specs-ab@lists.openid.net" class="">openid-specs-ab@lists.openid.net</a>> wrote:</p><div style="font-family:Arial,Helvetica,sans-serif" class="">
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt;" class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">
<span style="font-size: 12pt; font-family: Arial, sans-serif;" class="">Hey all,
<o:p class=""> </o:p></span></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">
<span style="font-size: 12pt; font-family: Arial, sans-serif;" class=""><o:p class=""> </o:p></span></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">
<span style="font-size: 12pt; font-family: Arial, sans-serif;" class="">Here are the meeting notes from today's special topic call. Please feel free to add or correct anything.<o:p class=""> </o:p></span></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">
<span style="font-size: 12pt; font-family: Arial, sans-serif;" class=""><o:p class=""> </o:p></span></div>
<div class="MsoNormal" style="margin: 0px 0in;font-size: 11pt;font-family: Calibri, sans-serif">
<a href="https://bitbucket.org/openid/connect/wiki/Browser%20Interactions%20Special%20Topics%20Call%20-%2020210630" id="LPlnk462113" class=""><span style="font-family: Arial, Helvetica, sans-serif;" class="">openid / connect / wiki / Browser Interactions Special Topics Call
- 20210630 — Bitbucket</span></a><br class="">
</div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">
<span style="font-size: 12pt; font-family: Arial, sans-serif;" class=""><o:p class=""> </o:p></span></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">
<span style="font-size: 12pt; font-family: Arial, sans-serif;" class="">Next meeting is in two weeks on July 14th (UTC).<o:p class=""> </o:p></span></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">
<span style="font-size: 12pt; font-family: Arial, sans-serif;" class=""><o:p class=""> </o:p></span></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">
<span style="font-size: 12pt; font-family: Arial, sans-serif;" class="">Tim<o:p class=""> </o:p></span></div>
<br class="">
</div>
</div></blockquote>
</div></div>_______________________________________________<br class="">Openid-specs-ab mailing list<br class=""><a href="mailto:Openid-specs-ab@lists.openid.net" class="">Openid-specs-ab@lists.openid.net</a><br class="">http://lists.openid.net/mailman/listinfo/openid-specs-ab<br class=""></div></blockquote></div><br class=""></body></html>