[Openid-specs-ab] [Bitbucket] Issue #872: session 4.1. Opbs is unclear and conflict with "session management memo" on wiki (openid/connect)

Mike Jones Michael.Jones at microsoft.com
Thu Oct 3 05:45:10 UTC 2013

It’s your points following “Secondly” that I think we need to capture in the spec and be clear to developers about – not so much the example itself.  If you can suggest language along that line, that should help resolve the potential developer confusion that is the real root of this issue.

                                                            -- Mike

From: n-sakimura [mailto:n-sakimura at nri.co.jp]
Sent: Wednesday, October 02, 2013 10:34 PM
To: Mike Jones
Cc: openid-specs-ab at lists.openid.net
Subject: Re: [Openid-specs-ab] [Bitbucket] Issue #872: session 4.1. Opbs is unclear and conflict with "session management memo" on wiki (openid/connect)

First of all, opbs is just a parameter name that I happened to have used in the example. It could have been anything.

Secondly, what is being stored in the OP Browser State completely depends on each OP. It may just be a random variable with which the OP relates the server-side state and the browser. Alternatively, it may be storing a bunch of state-related variables which are then signed or encrypted for the server to be less stateful.

I do not want to give a false impression to the developers that there is one single way of doing it. The maximum I am willing to do is to add some comments to the example.


(2013/10/03 9:50), Mike Jones wrote:
P.S.  Nat, if you could provide proposed text giving a few examples of what Opbs might contain and (if we’re not already saying this) what properties this state needs to have, that would be really useful in helping to close this issue.

                                                                -- Mike

From: openid-specs-ab-bounces at lists.openid.net [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Mike Jones
Sent: Wednesday, October 02, 2013 5:47 PM
To: openid-specs-ab at lists.openid.net
Subject: Re: [Openid-specs-ab] [Bitbucket] Issue #872: session 4.1. Opbs is unclear and conflict with "session management memo" on wiki (openid/connect)

I strongly disagree with removing the example.  I believe it’s the only thing giving implementers a sense of what they need to do to fulfill the requirements.

We should do what it takes to clarify the example, if needed – not remove it.

                                                            -- Mike

From: Nat Sakimura [mailto:issues-reply at bitbucket.org]
Sent: Wednesday, October 02, 2013 5:26 PM
To: Mike Jones
Subject: Re: [Bitbucket] Issue #872: session 4.1. Opbs is unclear and conflict with "session management memo" on wiki (openid/connect)

Nat Sakimura commented on issue #872:

session 4.1. Opbs is unclear and conflict with "session management memo" on wiki<https://bitbucket.org/openid/connect/issue/872/session-41-opbs-is-unclear-and-conflict>

Did not even need to follow up with Breno. My intention here is clear. The example is non-normative and is just illustrating what an OP might do to fulfill what the spec. normatively requires. If it is causing more confusion than explaining it, we may want to drop the example and just go with the normative text.










--
Nat Sakimura (n-sakimura at nri.co.jp)
Nomura Research Institute, Ltd.
Tel:+81-3-6274-1412 Fax:+81-3-6274-1547





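Added example, not part of the original thread or of the specification: a Python sketch of the two OP Browser State designs described in the (2013/10/03) message above, an opaque random value tied to server-side state and a self-contained signed value. The function names, the in-memory store and the signing key are all hypothetical.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Design 1: the browser holds only a random handle; state lives on the OP.
SERVER_SESSIONS = {}  # hypothetical in-memory store: handle -> state

def new_opaque_state(user):
    handle = secrets.token_urlsafe(32)  # unguessable, carries no meaning
    SERVER_SESSIONS[handle] = {"sub": user}
    return handle

def read_opaque_state(handle):
    return SERVER_SESSIONS.get(handle)  # None if unknown or logged out

def end_opaque_session(handle):
    SERVER_SESSIONS.pop(handle, None)  # logout invalidates the old value

# Design 2: the state variables travel in the value, signed by the OP,
# so the server does not need a per-session record to trust them.
OP_KEY = secrets.token_bytes(32)  # hypothetical OP-only signing key

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def sign(body):
    return b64url(hmac.new(OP_KEY, body.encode(), hashlib.sha256).digest())

def new_signed_state(user, auth_time):
    claims = {"sub": user, "auth_time": auth_time}
    body = b64url(json.dumps(claims, sort_keys=True).encode())
    return body + "." + sign(body)

def read_signed_state(value):
    body, sep, tag = value.partition(".")
    # Constant-time comparison; reject before parsing anything untrusted.
    if not sep or not hmac.compare_digest(tag.encode(), sign(body).encode()):
        return None
    padded = body + "=" * (-len(body) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))
```

In both designs the value must change when the user's login state at the OP changes, and a value the OP did not issue must be rejected.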