The OpenID OpenID Connect Working Group recommends approval of the following specifications as OpenID Final Specifications:
- OpenID Connect Session Management 1.0
- OpenID Connect Front-Channel Logout 1.0
- OpenID Connect Back-Channel Logout 1.0
- OpenID Connect RP-Initiated Logout 1.0
A Final Specification provides intellectual property protections to implementers of the specification and is not subject to further revision. This note starts the 60-day public review period for the specification drafts in accordance with the OpenID Foundation IPR policies and procedures. Unless issues are identified during the review that the working group believes must be addressed by revising the drafts, this review period will be followed by a seven-day voting period during which OpenID Foundation members will vote on whether to approve these drafts as OpenID Final Specifications. For the convenience of members, voting will actually begin on Friday, August 26, 2022, for members who have completed their reviews by then.
The relevant dates are:
- Final Specifications public review period: Tuesday, July 5, 2022 to Saturday, September 3, 2022 (60 days)
- Final Specifications vote announcement: Friday, August 19, 2022
- Final Specifications voting period: Monday, September 5, 2022 to Monday, September 12, 2022 (7 days)*
* Note: Early voting before the start of the formal voting will be allowed.
The OpenID Connect working group page is https://openid.net/wg/connect/. Information on joining the OpenID Foundation can be found at https://openid.net/foundation/members/registration. If you’re not a current OpenID Foundation member, please consider joining to participate in the approval vote.
You can send feedback on the specifications in a way that enables the working group to act upon it by (1) signing the contribution agreement at https://openid.net/intellectual-property/ to join the working group (please specify that you are joining the “AB/Connect” working group on your contribution agreement), (2) joining the working group mailing list at https://lists.openid.net/mailman/listinfo/openid-specs-ab, and (3) sending your feedback to the list.
Note that on August 17, 2022, an updated version of the OpenID Connect RP-Initiated Logout specification was published at https://openid.net/specs/openid-connect-rpinitiated-1_0.html and https://openid.net/specs/openid-connect-rpinitiated-1_0-03.html. This revision clarifies that RP-Initiated Logout Requests are idempotent.
Also note that on August 25, 2022, an updated version of the OpenID Connect Back-Channel Logout specification was published at https://openid.net/specs/openid-connect-backchannel-1_0.html and https://openid.net/specs/openid-connect-backchannel-1_0-09.html. This revision specifies how to handle failed requests, using the same language as RFC 8935 (Push-Based Security Event Token (SET) Delivery Using HTTP).
— Michael B. Jones – OpenID Foundation Board Secretary