<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Single logout is notoriously difficult to get correct. &nbsp;SAML has never managed it.&nbsp;<div><br></div><div>I support looking at it as an option or extension, but would not want to hold up the core spec for it.</div><div><br></div><div>Other protocols have expended large amounts of time on it without a solution that can be understood by the users properly.</div><div><br></div><div>John B.<br><div><div>On 2010-05-22, at 8:47 AM, Dick Hardt wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Great point Torsten. If there is interest in exploring single logout, then it likely belongs in this WG.<div><br></div><div>Are others interested in exploring single logout?</div><div><br></div><div>-- Dick</div><div><br><div><div>On 2010-05-22, at 2:30 AM, Torsten Lodderstedt wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">
<div bgcolor="#ffffff" text="#000000">
Does this or another group consider incorporating some kind of single
logout support into OpenID?<br>
<br>
regards,<br>
Torsten.<br>
<br>
<blockquote cite="mid:BC63E0C6-8359-4DA0-95D6-64DAE766835D@gmail.com" type="cite"><p class="MsoNormal">At IIW yesterday I held a session on bashing the
OpenID v.Next Core Protocol Charter. Below is the current draft.
Comments and/or questions welcome. Anyone interested in being a fellow
proposer please let me know and I will add you.</p><p class="MsoNormal">-- Dick</p><p class="MsoNormal"><b>(a)</b><b style="">&nbsp; <i><u>Charter</u></i>.</b></p><p class="MsoNormal" style="margin: 0cm 0cm 2pt 36pt; text-indent: -27pt;"><b>(i)</b><span style="">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><b style="">WG name:</b>&nbsp; OpenID
v.Next Core
Protocol.</p><p class="MsoNormal" style="margin: 0cm 0cm 2pt 36pt; text-indent: -27pt;"><b>(ii)</b><span style="">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><b style="">Purpose:</b>&nbsp; Produce a
core protocol
specification or family of specifications for OpenID v.Next that
address the
limitations and drawbacks present in the OpenID 2.0 that limit OpenID’s
applicability, adoption, usability, privacy, and security.<span style="">&nbsp;
  </span>Specific goals are:</p><p class="MsoListParagraphCxSpFirst" style="margin: 0cm 0cm 2pt 45pt; text-indent: -18pt;"><span style="font-family: Symbol;"><span style="">·<span style="font-family: &quot;Times New Roman&quot;; font-style: normal; font-variant: normal; font-weight: normal; font-size: 7pt; line-height: normal; font-size-adjust: none; font-stretch: normal; -x-system-font: none;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
  </span></span></span>define message flows and verification methods,</p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 2pt 45pt; text-indent: -18pt;"><span style="font-family: Symbol;"><span style="">·<span style="font-family: &quot;Times New Roman&quot;; font-style: normal; font-variant: normal; font-weight: normal; font-size: 7pt; line-height: normal; font-size-adjust: none; font-stretch: normal; -x-system-font: none;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
  </span></span></span>enable support for controlled release of
attributes,</p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 2pt 45pt; text-indent: -18pt;"><span style="font-family: Symbol;"><span style="">·<span style="font-family: &quot;Times New Roman&quot;; font-style: normal; font-variant: normal; font-weight: normal; font-size: 7pt; line-height: normal; font-size-adjust: none; font-stretch: normal; -x-system-font: none;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
  </span></span></span>enable aggregation of attributes from multiple
verifiable
sources,</p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 2pt 45pt; text-indent: -18pt;"><span style="font-family: Symbol;"><span style="">·<span style="font-family: &quot;Times New Roman&quot;; font-style: normal; font-variant: normal; font-weight: normal; font-size: 7pt; line-height: normal; font-size-adjust: none; font-stretch: normal; -x-system-font: none;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
  </span></span></span>enable support for a spectrum of clients,
including passive clients per current usage, thin active clients, and
active
clients with OP functionality,</p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 2pt 45pt; text-indent: -18pt;"><span style="font-family: Symbol;"><span style="">·<span style="font-family: &quot;Times New Roman&quot;; font-style: normal; font-variant: normal; font-weight: normal; font-size: 7pt; line-height: normal; font-size-adjust: none; font-stretch: normal; -x-system-font: none;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
  </span></span></span>enable authentication to and use of attributes
by non-browser applications,</p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 2pt 45pt; text-indent: -18pt;"><span style="font-family: Symbol;"><span style="">·<span style="font-family: &quot;Times New Roman&quot;; font-style: normal; font-variant: normal; font-weight: normal; font-size: 7pt; line-height: normal; font-size-adjust: none; font-stretch: normal; -x-system-font: none;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
  </span></span></span>enable the use of public key technology to
enhance scalability and performance,</p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 2pt 45pt; text-indent: -18pt;"><span style="font-family: Symbol;"><span style="">·<span style="font-family: &quot;Times New Roman&quot;; font-style: normal; font-variant: normal; font-weight: normal; font-size: 7pt; line-height: normal; font-size-adjust: none; font-stretch: normal; -x-system-font: none;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
  </span></span></span>enable optimized protocol flows combining
authentication, attribute release, and resource authorization,</p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 2pt 45pt; text-indent: -18pt;"><span style="font-family: Symbol;"><span style="">·<span style="font-family: &quot;Times New Roman&quot;; font-style: normal; font-variant: normal; font-weight: normal; font-size: 7pt; line-height: normal; font-size-adjust: none; font-stretch: normal; -x-system-font: none;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
  </span></span></span>define profiles and support features intended to
enable OpenID to be used at levels of assurance higher than NIST
SP800-63 v2 level
1,</p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 2pt 45pt; text-indent: -18pt;"><span style="font-family: Symbol;"><span style="">·<span style="font-family: &quot;Times New Roman&quot;; font-style: normal; font-variant: normal; font-weight: normal; font-size: 7pt; line-height: normal; font-size-adjust: none; font-stretch: normal; -x-system-font: none;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
  </span></span></span>define an extension mechanism</p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 2pt 45pt; text-indent: -18pt;"><span style="font-family: Symbol;"><span style="">·<span style="font-family: &quot;Times New Roman&quot;; font-style: normal; font-variant: normal; font-weight: normal; font-size: 7pt; line-height: normal; font-size-adjust: none; font-stretch: normal; -x-system-font: none;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
  </span></span></span>ensure the use of OpenID on mobile devices,</p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 2pt 45pt; text-indent: -18pt;"><span style="font-family: Symbol;"><span style="">·<span style="font-family: &quot;Times New Roman&quot;; font-style: normal; font-variant: normal; font-weight: normal; font-size: 7pt; line-height: normal; font-size-adjust: none; font-stretch: normal; -x-system-font: none;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
  </span></span></span>ensure the use of OpenID on existing browsers
with URL length restrictions,</p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 2pt 45pt; text-indent: -18pt;"><span style="font-family: Symbol;"><span style="">·<span style="font-family: &quot;Times New Roman&quot;; font-style: normal; font-variant: normal; font-weight: normal; font-size: 7pt; line-height: normal; font-size-adjust: none; font-stretch: normal; -x-system-font: none;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
  </span></span></span>complement OAuth 2.0</p><p class="MsoListParagraphCxSpMiddle" style="margin: 0cm 0cm 2pt 45pt; text-indent: -18pt;"><span style="font-family: Symbol;"><span style="">·<span style="font-family: &quot;Times New Roman&quot;; font-style: normal; font-variant: normal; font-weight: normal; font-size: 7pt; line-height: normal; font-size-adjust: none; font-stretch: normal; -x-system-font: none;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
  </span></span></span>minimize migration effort from OpenID 2.0</p><p class="MsoListParagraphCxSpLast" style="margin: 0cm 0cm 2pt 45pt; text-indent: -18pt;"><span style="font-family: Symbol;"><span style="">·<span style="font-family: &quot;Times New Roman&quot;; font-style: normal; font-variant: normal; font-weight: normal; font-size: 7pt; line-height: normal; font-size-adjust: none; font-stretch: normal; -x-system-font: none;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
  </span></span></span>seamlessly integrate with and complement the
other OpenID v.Next specifications.</p><p class="MsoNormal" style="margin: 0cm 0cm 2pt 36pt; text-indent: -27pt;"><span style=""><span style="">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>Compatibility
with OpenID 2.0 is an explicit non-goal for this work.<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0cm 0cm 2pt 36pt; text-indent: -27pt;"><b>(iii)</b><span style="">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><b style="">Scope:</b>&nbsp; Produce a
next generation
OpenID core protocol specification or specifications, consistent with
the
purpose statement.</p><p class="MsoNormal" style="margin: 0cm 0cm 2pt 36pt; text-indent: -27pt;"><b>(iv)</b><span style="">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><b style="">Proposed List of
Specifications</b>:&nbsp; OpenID
v.Next Core Protocol and possibly related specifications.</p><p class="MsoNormal" style="margin: 0cm 0cm 2pt 36pt; text-indent: -27pt;"><b>(v)</b><span style="">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><b style="">Anticipated audience or
users of the work:</b>&nbsp;
Implementers of OpenID Providers, Relying Parties, Active Clients, and
non-browser applications utilizing OpenID.</p><p class="MsoNormal" style="margin: 0cm 0cm 2pt 36pt; text-indent: -27pt;"><b>(vi)</b><span style="">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><b style="">Language in which the
WG will conduct
business</b>:&nbsp; English.</p><p class="MsoNormal" style="margin: 0cm 0cm 2pt 36pt; text-indent: -27pt;"><b>(vii)</b><span style="">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><b style="">Method of work:&nbsp; </b>E-mail
discussions
on the working group mailing list, working group conference calls,
and face-to-face meetings at the Internet Identity Workshop and OpenID
summits.</p><p class="MsoNormal" style="margin: 0cm 0cm 2pt 36pt; text-indent: -27pt;"><b>(viii)</b><span style="">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><b style="">Basis for determining
when the work of the
WG is completed:</b>&nbsp; Work will not be deemed to be complete until
there
is a consensus that the resulting protocol specification or family of
specifications fulfills the working group goals.<span style="">&nbsp; </span>Additional
proposed changes beyond that initial consensus will
be evaluated on the basis of whether they increase or decrease
consensus within
the working group.&nbsp; The work will be completed once it is apparent that
maximal consensus on the draft has been achieved, consistent with the
purpose
and scope.</p><p class="MsoNormal"><b>(b)</b><b style="">&nbsp; <i><u>Background
Information</u></i>.<o:p></o:p></b></p><p class="MsoNormal" style="margin: 0cm 0cm 2pt 36pt; text-indent: -27pt;"><b>(i)</b><span style="">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><b style="">Related work being done
in other WGs or
organizations</b>:&nbsp; OpenID Authentication 2.0 and related
specifications,
including Attribute Exchange (AX), Contract Exchange (CX), Provider
Authentication
Policy Extension (PAPE), and the draft User Interface (UI) Extension.<span style="">&nbsp; </span>OAuth, OAuth WRAP, and OAuth 2.0.<span style="">&nbsp; </span>OpenID
Connect proposal. SAML 2.0 Core
and SAML Authn Context.</p><p class="MsoNormal" style="margin: 0cm 0cm 2pt 36pt; text-indent: -27pt;"><b>(ii)</b><span style="">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><b style="">Proposers:</b> </p><p class="MsoNormal" style="margin-left: 36pt;">Dick Hardt, <a moz-do-not-send="true" href="mailto:dick.hardt@gmail.com">dick.hardt@gmail.com</a>
(chair)</p><p class="MsoNormal" style="margin-left: 36pt;">Michael B. Jones, <a moz-do-not-send="true" href="mailto:mbj@microsoft.com">mbj@microsoft.com</a></p><p class="MsoNormal" style="margin-left: 36pt;">Breno de Medeiros, <a moz-do-not-send="true" href="mailto:breno@google.com">breno@google.com</a></p><p class="MsoNormal" style="margin-left: 36pt;">Ashish Jain, <a moz-do-not-send="true" href="mailto:Ashish.Jain@paypal.com">Ashish.Jain@paypal.com</a></p><p class="MsoNormal" style="margin-left: 36pt;">George Fletcher, <a moz-do-not-send="true" href="mailto:gffletch@aol.com">gffletch@aol.com</a></p><p class="MsoNormal" style="margin: 0cm 0cm 2pt 36pt; text-indent: -27pt;"><b><span style="">&nbsp;</span>(iii)</b><span style="">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><b style="">Anticipated
Contributions</b>:&nbsp; None.</p>
  <pre wrap=""><fieldset class="mimeAttachmentHeader"></fieldset>
_______________________________________________
specs mailing list
<a class="moz-txt-link-abbreviated" href="mailto:specs@lists.openid.net">specs@lists.openid.net</a>
<a class="moz-txt-link-freetext" href="http://lists.openid.net/mailman/listinfo/openid-specs">http://lists.openid.net/mailman/listinfo/openid-specs</a>
  </pre>
</blockquote>
<br>
</div>

</blockquote></div><br></div></div></blockquote></div><br></div></body></html>