Re: [OAUTH-WG] What Does Logout Mean?

Phil Hunt <phil.hunt@oracle.com> Sun, 01 April 2018 00:33 UTC

From: Phil Hunt <phil.hunt@oracle.com>
In-Reply-To: <CABRXCmxE2DESN88fjTxoUh4EEGdQPMs5ZsPr_VtHo3BcOPhnrQ@mail.gmail.com>
Date: Sat, 31 Mar 2018 18:32:58 -0600
Cc: "Richard Backman, Annabelle" <richanna@amazon.com>, Roberto Carbone <carbone@fbk.eu>, "oauth@ietf.org" <oauth@ietf.org>, Nat Sakimura <nat@sakimura.org>
Message-Id: <BCFE0412-3E1F-4079-AF18-163A53F4A33D@oracle.com>
References: <DM5PR00MB02932B889807DF883C006512F5A30@DM5PR00MB0293.namprd00.prod.outlook.com> <CABRXCmykJMcy-PdapRURd7YuZxfMbD9dHkf89AKxObM_2bAqKQ@mail.gmail.com> <9A072F0C-96A0-4F5C-8FD0-76110AA2FA3E@amazon.com> <CABRXCmy6aUO_1=Sp08U=B2mV22oP96-R9t16sDsZbo0vDX6fnQ@mail.gmail.com> <BA42F798-A4E6-43D9-9A93-D85C6C5AF4AA@amazon.com> <CABRXCmxWaU8741R8ux2JAo+LmaLsr+Rh=XADLeyV=7cCjqsokQ@mail.gmail.com> <7B1638A7-ADAD-4AE1-8AF8-6E26853D32C7@amazon.com> <CABRXCmzPn5Cb-y-em6Lf0yqUf=bYy1iev84V07_URWE-PM=WCg@mail.gmail.com> <2D841B39-7A79-42C0-AB3C-E6C473CC6977@amazon.com> <CABRXCmxE2DESN88fjTxoUh4EEGdQPMs5ZsPr_VtHo3BcOPhnrQ@mail.gmail.com>
To: Bill Burke <bburke@redhat.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/aWVd30bTGwRBPdKjeJvlzmnhVw4>

These kinds of discussions are why I think the signal should just be token revoked. It is up to the receiver to infer meaning.

As soon as we talk in forms like commands (user is to be logged out), a standardized meaning becomes a problem.

Receiver decision on action based on an issuer signal is the primary difference between a security event signal (a SET) and a security assertion (a JWT) or a command. 

Phil

> On Mar 31, 2018, at 8:15 AM, Bill Burke <bburke@redhat.com> wrote:
> 
> On Fri, Mar 30, 2018 at 2:47 PM, Richard Backman, Annabelle
> <richanna@amazon.com> wrote:
>> It sounds like you're asking the OP to provide client-side session management as a service. There may be value in standardizing that, but I think it goes beyond what Backchannel Logout is intended to do.
> 
> Sure, sort of.  Though, we would have never implemented these
> extensions if back channel logout didn't exist as a concept and
> requirement.  It's all in the sometimes ugly business of supporting
> application developers who have a variety of deployment requirements
> and restrictions.
> 
> Bill
> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
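Phil's distinction above, that a SET reports an event and the receiver decides what to do with it, whereas a command prescribes the action, can be made concrete. The following is an added example written for this page; it is not code from the thread, from any OAuth WG document, or from any of the participants' products. It mints an RFC 8417 SET carrying an assumed "token revoked" event type (`urn:example:secevent:token-revoked` is a placeholder, not a registered identifier), validates it the way a receiver should (signature, issuer, audience, freshness, `jti` replay), and then shows three receivers mapping the same signal to three different local outcomes, including no action at all. The HS256 shared secret, the `op.example`/`rp.example` URLs, the subject `alice` and the fixed timestamp are all constructed; a real transmitter would sign with an asymmetric key.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumed placeholder event type for this example; it is not a registered SET event
# identifier. A real transmitter would document the URI it emits.
EVT_TOKEN_REVOKED = "urn:example:secevent:token-revoked"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_set(key, issuer, audience, events, jti, now=None):
    """Mint a SET (RFC 8417): a JWT whose 'events' claim names what happened.
    HS256 keeps the example self-contained; real transmitters sign asymmetrically."""
    now = int(time.time()) if now is None else now
    header = {"typ": "secevent+jwt", "alg": "HS256"}
    payload = {"iss": issuer, "aud": audience, "iat": now, "jti": jti, "events": events}
    signing_input = ".".join(_b64url(json.dumps(o, separators=(",", ":")).encode())
                             for o in (header, payload))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


class SetReceiver:
    """Validates a SET, then decides by local policy what (if anything) to do.
    The transmitter only asserts that an event occurred; the action is the receiver's."""

    def __init__(self, key, issuer, audience, policy, max_age=300):
        self.key, self.issuer, self.audience = key, issuer, audience
        self.policy = policy      # event-type URI -> callable(event, payload) -> action label
        self.max_age = max_age    # seconds a SET stays acceptable after its 'iat'
        self.seen_jti = set()     # replay protection for SETs still inside max_age

    def verify(self, token, now=None):
        now = int(time.time()) if now is None else now
        try:
            h64, p64, s64 = token.split(".")
        except ValueError:
            raise ValueError("malformed token")
        header = json.loads(_b64url_decode(h64))
        if header.get("typ") != "secevent+jwt" or header.get("alg") != "HS256":
            raise ValueError("unexpected header")  # accept only the algorithm we expect
        expected = hmac.new(self.key, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s64)):
            raise ValueError("bad signature")
        payload = json.loads(_b64url_decode(p64))
        if payload.get("iss") != self.issuer:
            raise ValueError("wrong issuer")
        aud = payload.get("aud")
        if self.audience not in (aud if isinstance(aud, list) else [aud]):
            raise ValueError("not addressed to this receiver")
        if not isinstance(payload.get("iat"), int) or now - payload["iat"] > self.max_age:
            raise ValueError("stale or missing iat")
        jti = payload.get("jti")
        if not jti or jti in self.seen_jti:
            raise ValueError("missing or replayed jti")
        if not isinstance(payload.get("events"), dict) or not payload["events"]:
            raise ValueError("not a SET: no events claim")
        self.seen_jti.add(jti)
        return payload

    def handle(self, token, now=None):
        """Return the local actions taken for each event in a verified SET."""
        payload = self.verify(token, now)
        actions = []
        for event_type, event in payload["events"].items():
            handler = self.policy.get(event_type)
            # No policy for this event type means no action: a SET is a signal, not a command.
            actions.append(handler(event, payload) if handler else f"ignored:{event_type}")
        return actions


def demo():
    """Constructed scenario: one 'token revoked' SET, three receivers, three outcomes."""
    key, issuer, audience = b"constructed-shared-secret", "https://op.example", "https://rp.example"
    now = 1_522_540_800  # fixed constructed timestamp so the results are deterministic
    subject = {"subject_type": "iss-sub", "iss": issuer, "sub": "alice"}
    revoked = issue_set(key, issuer, audience, {EVT_TOKEN_REVOKED: {"subject": subject}}, "evt-1", now)
    # An API gateway only caches access tokens, so its policy is to flush them.
    gateway = SetReceiver(key, issuer, audience,
                          {EVT_TOKEN_REVOKED: lambda ev, _p: f"flush-cached-tokens:{ev['subject']['sub']}"})
    # A web application also holds a browser session and chooses to end it.
    webapp = SetReceiver(key, issuer, audience,
                         {EVT_TOKEN_REVOKED: lambda ev, _p: f"end-session:{ev['subject']['sub']}"})
    # A receiver with no policy for this event type validates the SET and does nothing.
    indifferent = SetReceiver(key, issuer, audience, {})
    results = {"gateway": gateway.handle(revoked, now), "webapp": webapp.handle(revoked, now),
               "indifferent": indifferent.handle(revoked, now)}
    try:  # delivering the same SET twice is rejected by jti tracking
        gateway.handle(revoked, now)
        results["replay"] = "accepted"
    except ValueError as exc:
        results["replay"] = str(exc)
    return results
```

Calling `demo()` returns one action list per receiver plus the replay result. The point to notice is that `issue_set` never says "log the user out": the same validated signal becomes a cache flush at the gateway, a session termination at the web app, and nothing at a receiver that has no policy for it, which is exactly the receiver-side inference Phil describes, in contrast to a command whose meaning the issuer would have to fix for everyone.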