OpenID Connect Session – Management and Login
Session Topic: OpenID Connect Session Management & Log Out
Convener: John B.
Notes-taker(s): Mike Jones
Breno de Medeiros gave a tutorial on the current session management model
Mike Jones let the audience know that the purpose of the session is to refine the contents of the OpenID session management spec:
Issue: Is "ops" a separate parameter?
- We decided that it should be a separate parameter from the ID Token
Google implementation feedback: RPs are likely to hold on to "ops" as a cookie so we should make sure that it's safe to do so
- Safe across multiple tabs from same RP
- Safe for users by respecting cookie same-origin policy