{"id":1452,"date":"2015-09-09T23:51:54","date_gmt":"2015-09-10T06:51:54","guid":{"rendered":"https:\/\/self-issued.info\/?p=1452"},"modified":"2015-09-09T23:51:54","modified_gmt":"2015-09-10T06:51:54","slug":"openid-connect-back-channel-logout-specification","status":"publish","type":"post","link":"https:\/\/self-issued.info\/?p=1452","title":{"rendered":"OpenID Connect Back-Channel Logout Specification"},"content":{"rendered":"

\"OpenID<\/span>A new back-channel OpenID Connect Logout spec has been published at http:\/\/openid.net\/specs\/openid-connect-backchannel-1_0.html<\/a>. This can coexist with or be used instead of the front-channel-based Session Management<\/a> and HTTP-Based Logout<\/a> specifications.<\/p>\n

The abstract for the new specification states:<\/p>\n

\n\tThis specification defines a logout mechanism that uses back-channel communication between the OP and RPs being logged out; this differs from front-channel logout mechanisms, which communicate logout requests from the OP to RPs via the User Agent.\n<\/p><\/blockquote>\n

This completes publication of the three planned OpenID Connect logout mechanisms: two that communicate on the front-channel through the User Agent (browser) and this one that communicates on the back-channel, without involving the User Agent. See the Introduction<\/a> for a discussion of the upsides and downsides of the different logout approaches. As much as we’d like there to be a single logout solution, both experience and extensive discussions led us to the conclusion that there isn’t a feasible one-size-fits-all approach.<\/p>\n

Reviews of the new (and existing!) specifications are welcomed.<\/p>\n

Thanks to John Bradley, Pedro Felix, Nat Sakimura, Brian Campbell, and Todd Lainhart for their contributions to the creation of the specification.<\/p>\n","protected":false},"excerpt":{"rendered":"

A new back-channel OpenID Connect Logout spec has been published at http:\/\/openid.net\/specs\/openid-connect-backchannel-1_0.html. This can coexist with or be used instead of the front-channel-based Session Management and HTTP-Based Logout specifications. The abstract for the new specification states: This specification defines a logout mechanism that uses back-channel communication between the OP and RPs being logged out; this […]<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7,14,25],"tags":[],"class_list":["post-1452","post","type-post","status-publish","format-standard","hentry","category-federation","category-openid","category-specifications"],"_links":{"self":[{"href":"https:\/\/self-issued.info\/index.php?rest_route=\/wp\/v2\/posts\/1452","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/self-issued.info\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/self-issued.info\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/self-issued.info\/index.php?rest_route=\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/self-issued.info\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1452"}],"version-history":[{"count":2,"href":"https:\/\/self-issued.info\/index.php?rest_route=\/wp\/v2\/posts\/1452\/revisions"}],"predecessor-version":[{"id":1454,"href":"https:\/\/self-issued.info\/index.php?rest_route=\/wp\/v2\/posts\/1452\/revisions\/1454"}],"wp:attachment":[{"href":"https:\/\/self-issued.info\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1452"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/self-issued.info\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1452"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/self-issued.info\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1452"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}