[Openid-specs-risc] Agenda for tomorrow's call

Tue Nov 28 17:57:26 UTC 2023

Hi Atul,

Read over the interop profile and this is something we talked about previously around Session Revoked (https://openid.net/specs/openid-caep-specification-1_0.html#rfc.section.3.1).

The interop profile says that implementation MAY choose to support one or more of the following which includes session revocation/logout or Credential Change. Session Revoked signals that the session(s) identified by the subject or implied subjects have been revoked. What I think may be missing is the reconciliation aspect of revoking a session. A signal / event that indicates that consumers should revoke a session versus a session has been revoked is different.

As a transmitter, when a session-revoked event is emitted to subscribers is it implied that there has been a session revoked or that the subscribers should revoke a session? I think the session revoked event can be misconstrued and is more of an indicator that something has been done (i.e. session revoked) without a leading event that says you should revoke the session for said subject(s). I see this as missing a leading indicator in order to inform other receivers and transmitters that effectively the security signal was handled accordingly…. Like a ledger.

Thanks,
Sean

From: Openid-specs-risc <openid-specs-risc-bounces at lists.openid.net> on behalf of Atul Tulshibagwale via Openid-specs-risc <openid-specs-risc at lists.openid.net>
Reply-To: Atul Tulshibagwale <atul at sgnl.ai>
Date: Monday, November 27, 2023 at 6:06 PM
To: OpenID RISC List <openid-specs-risc at lists.openid.net>
Subject: [Openid-specs-risc] Agenda for tomorrow's call

This Message is From an External Sender
Caution: Do not click links or open attachments unless you recognize the sender and know the content is safe.
Hi all,
I've added items from Apoorva and Shayne's review of the interop profile in the agenda of tomorrow's call<https://urldefense.com/v3/__https:/hackmd.io/@oidf-wg-sse/wg-meeting-20231128__;!!Om87Lau1Cg!OzF6ziJd8D8ixrgUgQfLzjGEW8qCyAIDk0q-ZJjfuIw-GBo-j6NFGAkSsidAMcSkhQkuDehInDgEMqfxbvth8gYl9VdxEo5BCVo$>. Please review the draft of the interop profile<https://urldefense.com/v3/__https:/sgnl-ai.github.io/caep-interop/caep-interoperability-profile-1_0.html__;!!Om87Lau1Cg!OzF6ziJd8D8ixrgUgQfLzjGEW8qCyAIDk0q-ZJjfuIw-GBo-j6NFGAkSsidAMcSkhQkuDehInDgEMqfxbvth8gYl9VdxBlNABIs$> and comment via email to this list with your review.

Thanks,
Atul

--

[Image removed by sender.]<https://urldefense.com/v3/__https:/sgnl.ai__;!!Om87Lau1Cg!OzF6ziJd8D8ixrgUgQfLzjGEW8qCyAIDk0q-ZJjfuIw-GBo-j6NFGAkSsidAMcSkhQkuDehInDgEMqfxbvth8gYl9Vdxy3gkfDE$>

Atul Tulshibagwale

CTO

[Image removed by sender.]<https://urldefense.com/v3/__https:/linkedin.com/in/tulshi__;!!Om87Lau1Cg!OzF6ziJd8D8ixrgUgQfLzjGEW8qCyAIDk0q-ZJjfuIw-GBo-j6NFGAkSsidAMcSkhQkuDehInDgEMqfxbvth8gYl9Vdxn8ofdiE$>[Image removed by sender.]<https://urldefense.com/v3/__https:/twitter.com/zirotrust__;!!Om87Lau1Cg!OzF6ziJd8D8ixrgUgQfLzjGEW8qCyAIDk0q-ZJjfuIw-GBo-j6NFGAkSsidAMcSkhQkuDehInDgEMqfxbvth8gYl9Vdxl16cg7o$>[Image removed by sender.]<mailto:atul at sgnl.ai>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20231128/494fa067/attachment-0001.html>