Skip to content

Introduce inactivity_timeout #222

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 15 commits into from
May 6, 2025
Merged

Introduce inactivity_timeout #222

merged 15 commits into from
May 6, 2025

Conversation

@traib-google
Copy link
Contributor

@traib-google traib-google commented Dec 3, 2024

@traib-google traib-google changed the title Introduce push_stream_ttl in openid-sharedsignals-framework-1_0.md Introduce push_stream_ttl Dec 3, 2024
@traib-google traib-google marked this pull request as ready for review December 3, 2024 17:59
@traib-google traib-google requested a review from a team as a code owner December 3, 2024 17:59
appsdesh
appsdesh previously requested changes Dec 3, 2024
View reviewed changes
Copy link
Contributor

@appsdesh appsdesh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Push and Pull are delivery mechanisms defined outside the SSF spec. We should not introduce new aspects specifically targeting a single delivery mechanism in the SSF spec

@FragLegs
Copy link
Contributor

FragLegs commented Dec 3, 2024

Push and Pull are delivery mechanisms defined outside the SSF spec. We should not introduce new aspects specifically targeting a single delivery mechanism in the SSF spec

I agree. Can we just make this stream_ttl so that it applies to any stream regardless of delivery method?

@traib-google
Copy link
Contributor Author

traib-google commented Dec 3, 2024

Push and Pull are delivery mechanisms defined outside the SSF spec. We should not introduce new aspects specifically targeting a single delivery mechanism in the SSF spec

Thanks! The same concept can be applied to PULL streams too, let me reword this as simply stream_tll.

FragLegs
FragLegs reviewed Dec 3, 2024
View reviewed changes
FragLegs
FragLegs reviewed Dec 3, 2024
View reviewed changes
@tulshi tulshi linked an issue Dec 3, 2024 that may be closed by this pull request
Permanence of streams #211
Closed
@traib-google traib-google changed the title Introduce push_stream_ttl Introduce stream_ttl Dec 3, 2024
tulshi
tulshi reviewed Dec 3, 2024
View reviewed changes
ptravers
ptravers reviewed Dec 12, 2024
View reviewed changes
@FragLegs FragLegs added the v1Final Issues that must be fixed before we propose a spec to become a v1 final spec. label Jan 24, 2025
tulshi
tulshi reviewed Mar 18, 2025
View reviewed changes
FragLegs
FragLegs reviewed Apr 30, 2025
View reviewed changes
traib-google and others added 2 commits April 30, 2025 12:53
@traib-google
Rename to inactivity_ttl and add the option to delete the stream
c262028 
inactivity_ttl is more descriptive than just stream_ttl
@traib-google @FragLegs
Stream updated event for "update" -> "pause or disable"
6406503 
Co-authored-by: Shayne Miel (he/him) <miel.shayne@gmail.com>
tulshi
tulshi reviewed May 1, 2025
View reviewed changes
@traib-google traib-google requested a review from appsdesh May 5, 2025 21:35
@traib-google traib-google reopened this May 5, 2025
@tulshi tulshi requested review from FragLegs and iamseanodentity May 5, 2025 21:50
@tulshi
Copy link
Contributor

tulshi commented May 5, 2025

Push and Pull are delivery mechanisms defined outside the SSF spec. We should not introduce new aspects specifically targeting a single delivery mechanism in the SSF spec

Since the comments have been resolved in the PR, I'm going to "dismiss" this review. @appsdesh please comment if you think this still needs addressing.

@tulshi tulshi dismissed appsdesh’s stale review May 5, 2025 22:41

The comments from this review were resolved by the author.

FragLegs
FragLegs approved these changes May 5, 2025
View reviewed changes
traib-google and others added 3 commits May 5, 2025 17:15
@traib-google @FragLegs
Commit suggestion
5217aa9 
Co-authored-by: Shayne Miel (he/him) <miel.shayne@gmail.com>
@traib-google @FragLegs
Commit suggestion
fed9c6c 
Co-authored-by: Shayne Miel (he/him) <miel.shayne@gmail.com>
@traib-google
Rename inactivity_ttl -> inactivity_timeout
29414b7
@traib-google traib-google changed the title Introduce stream_ttl Introduce inactivity_timeout May 6, 2025
@tulshi tulshi requested a review from FragLegs May 6, 2025 00:21
FragLegs
FragLegs approved these changes May 6, 2025
View reviewed changes
Copy link
Contributor

@FragLegs FragLegs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks great! Thanks for all the diligence getting it tuned up so well.

@iamseanodentity iamseanodentity merged commit 782e324 into openid:main May 6, 2025
2 checks passed
appsdesh
appsdesh reviewed May 6, 2025
View reviewed changes
openid-sharedsignals-framework-1_0.md

inactivity_timeout

> **Transmitter-Supplied**, OPTIONAL. The refreshable inactivity timeout of the stream in seconds. After the timeout duration passes with no eligible activity from the Receiver, as defined below, the Transmitter MAY either pause, disable, or delete the stream. The syntax is the same as that of `expires_in` from Section A.14 of {{RFC6749}}.
Copy link
Contributor

@appsdesh appsdesh May 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

After the timeout duration passes with no eligible activity from the Receiver

We should consider successful event delivery to the receiver as an eligible activity and possibly clarify it. We don't always need Rx making API calls, correct?

Copy link
Contributor Author

@traib-google traib-google May 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For PUSH streams that's not enough, at least from a security/privacy perspective - receiver endpoints are more likely to be open, the only way to verify that the receiver exists and still has the right auth/access is for it to call the transmitter endpoints (oauth-protected in most cases).

For PULL, polling is sufficient.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@appsdesh appsdesh appsdesh left review comments

@FragLegs FragLegs FragLegs approved these changes

@tulshi tulshi tulshi approved these changes

@iamseanodentity iamseanodentity iamseanodentity approved these changes

+1 more reviewer

@ptravers ptravers ptravers left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

v1Final Issues that must be fixed before we propose a spec to become a v1 final spec.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Permanence of streams

6 participants

@traib-google @FragLegs @tulshi @ptravers @appsdesh @iamseanodentity