[Openid-specs-risc] openid/sharedsignals: New Issue opened
github at oidf.org
Mon May 12 19:26:54 UTC 2025
openid/sharedsignals event
Issue opened
Issue Title: SSF Events not just informational
https://github.com/openid/sharedsignals/issues/255
Whenever I bring up the use of SSF for managing session state or changes to deployed systems, I quite often get a response that SSF Events are "just informational". In my conversations with a number of people this isn't strictly true. Instead, the SSF specifications are silent on the behavioral rules in play for any given deployment when an event is received.

I'm wondering if it makes sense to clearly call this out in the specification as a non-normative information statement. Something like...

The Shared Signals Framework does not define explicit processing behavior for receipt of events specifically to allow for each deployment to define the behaviors that make sense for that environment. These behaviors can range from treating the event as informational input to additional processing, to mandatory enforcement of the specified state change (e.g. session revoke).