[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [security-services] Protocol extension for role change
On 11/9/16, 2:04 AM, "Rainer Hoerbe" <rainer@hoerbe.at> wrote: > I fail to see the show stopper. IFIAK the main problem areas with front channel SLO are UX (the user > understanding the scope of federated apps), logout status reporting and unreachable SPs (unless using > iFrames/Javascript), and application session handling. These do not apply in this use case. What am I > missing? I think you have to use iFrames, and third party cookies break that, so....it doesn't work. I don't understand what doesn't apply. If you don't need to be able to identify the session at the application, I don't know how the process would work. Obviously it's *possible* to implement, you can do storing of the logout messages and then try and match them up later if the cookie eventually shows up, but that's very rarely done. I shouldn't have said "impossible", but it is generally just not implemented well enough to work. > That could turn out to be a protocol change for scores of applications. Applications don't support logout either. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]