Back-Channel Logout 1.0 - draft 04

Issue #1012 resolved
Tom Jones created an issue

Section 1: "Another significant limitation of back-channel logout is that the RP's back-channel logout URI must be reachable from all the OPs used. This means, for instance, that the RP cannot be behind a firewall or NAT when used with public OPs." This confuses me. Is it not automatically true already for any RP supporting OpenID Connect?

Section 2.3: "OPs supporting back-channel logout need to keep track of the set of logged-in RPs" - I have no good idea what this means. I did not think that RPs were logged in. Could it mean "keep track of user logged-in sessions at an RP"?

Comments (3)

  1. Michael Jones

    The "keeping track" language should be applied to Front-Channel Logout as well, as others also noted.
