Back-Channel Logout 1.0 - draft 04
Issue #1012
resolved
Section 1 "Another significant limitation of back-channel logout is that the RP's back-channel logout URI must be reachable from all the OPs used. This means, for instance, that the RP cannot be behind a firewall or NAT when used with public OPs." this confuses me. Is it not automatically true already for any RP supporting OpenID Connect?
Section 2.3 "OPs supporting back-channel logout need to keep track of the set of logged-in RPs" - I have no good idea what this means. I did not think that RPs were logged in. Could it mean "keep track of user logged in sessions at an RP"?
Comments (3)
-
-
The "keeping track" language should be applied to Front-Channel Logout as well, as others also noted.
-
- changed status to resolved
The "keeping track" language was added to RP-Initiated Logout in https://bitbucket.org/openid/connect/commits/847be44033ed41e8080b760f3c3a0302318d248f .
- Log in to comment
- Assignee
- Type
- Priority
- Status
- resolved
- Component
- Logout
- Milestone
- Ammendment
- Version
- –
- Votes
- 0
- Watchers
- 0
Re: para 1 -- not quite. With implicit flow, it could be behind a firewall or NAT.