No problem. <div><br></div><div>Thanks for catching those!</div><div><br></div><div>=nat<br><br><div class="gmail_quote">On Sat, Sep 18, 2010 at 2:11 AM, Ryo Ito <span dir="ltr">&lt;<a href="mailto:ritou.06@gmail.com">ritou.06@gmail.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">Hi Nat,<br>
<br>
I&#39;m sorry for late response.<br>
<br>
(1) 7.4.1.  Obtaining bearer token &#39;client_secret&#39;<br>
<br>
Most OP will display an AuthN/AuthZ page on HTTPS.<br>
The client_icon which RP registers should be HTTPS image.<br>
<br>
(2) 8.4.1.  End-user Grants Authorization<br>
<br>
I think that it is difficult for RP to understand which OP sent this response.<br>
<br>
The following limitation may solve this problem.<br>
-  OP MUST include server_id in 8.4.1 Response<br>
-  RP MUST include a state parameter in 8.3 Request by all means<br>
<br>
(3) 8.6.1.  Positive Assertion<br>
<br>
Please add OAuth Response Parameters to sample response.<br>
<br>
===<br>
Example:<br>
<br>
{<br>
    &quot;openid&quot;: {<br>
        &quot;type&quot;: &quot;<a href="http://openid.net/specs/ab/1.0#id_res" target="_blank">http://openid.net/specs/ab/1.0#id_res</a>&quot;,<br>
        &quot;mode&quot;: &quot;id_res&quot;,<br>
        &quot;server_id&quot;: &quot;<a href="https://op.example.com/" target="_blank">https://op.example.com/</a>&quot;,<br>
        &quot;pubkey&quot;: &quot;CSqGSIb3DQEBBQ...22WLTnPvcztaqovGW2gaidAyq6&quot;,<br>
        &quot;request_url&quot;: &quot;<a href="https://rp.example.com/rf.js%23Qfsoe2F" target="_blank">https://rp.example.com/rf.js%23Qfsoe2F</a>&quot;,<br>
        &quot;op_endpoint&quot;: &quot;<a href="https://op.example.com/op_endpoint" target="_blank">https://op.example.com/op_endpoint</a>&quot;,<br>
        &quot;claimed_id&quot;: &quot;<a href="https://example.com/alice#1234" target="_blank">https://example.com/alice#1234</a>&quot;,<br>
        &quot;identity&quot;: &quot;alice&quot;,<br>
        &quot;user_id&quot;: &quot;<a href="https://op.example.com/a3flsjeow1234" target="_blank">https://op.example.com/a3flsjeow1234</a>&quot;,<br>
        &quot;issued_at&quot;: 1280217103,<br>
        &quot;client_id&quot;: &quot;<a href="https://rp.example.com/" target="_blank">https://rp.example.com/</a>&quot;<br>
    }<br>
    &quot;access_token&quot;:&quot;SlAV32hkKG&quot;,<br>
    &quot;expires_in&quot;:3600,<br>
    &quot;refresh_token&quot;:&quot;8xLOxBtZp8&quot;<br>
}<br>
===<br>
<br>
Thanks,<br>
Ryo<br>
<br>
2010/8/9 Nat Sakimura &lt;<a href="mailto:sakimura@gmail.com">sakimura@gmail.com</a>&gt;:<br>
<div><div></div><div class="h5">&gt; Hopefully, it is close to the final. Please review carefully, by the<br>
&gt; end of the week.<br>
&gt; That will be the final edit before I submit it for the public comment.<br>
&gt;<br>
&gt; Changes:<br>
&gt; =========<br>
&gt; * Name scoped openid variables into openid key in JSON.<br>
&gt; * changed variable names according to the changes between OAuth draft<br>
&gt; 9 and 7. (e.g., redirect_url -&gt; redirect_uri) . Also, added some<br>
&gt; variable added in draft 9.<br>
&gt; * Added IANA consideration.<br>
&gt; * Added some text to the Security Consideration. Added timing attack.<br>
&gt; * Changed pubkey from base64url encoded PEM to that of DER.<br>
&gt; * Misc editorial.<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt; --<br>
&gt; Nat Sakimura (=nat)<br>
&gt; <a href="http://www.sakimura.org/en/" target="_blank">http://www.sakimura.org/en/</a><br>
&gt; <a href="http://twitter.com/_nat_en" target="_blank">http://twitter.com/_nat_en</a><br>
&gt;<br>
</div></div>&gt; _______________________________________________<br>
&gt; Openid-specs-ab mailing list<br>
&gt; <a href="mailto:Openid-specs-ab@lists.openid.net">Openid-specs-ab@lists.openid.net</a><br>
&gt; <a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a><br>
&gt;<br>
&gt;<br>
<font color="#888888">--<br>
====================<br>
Ryo Ito<br>
Email : <a href="mailto:ritou.06@gmail.com">ritou.06@gmail.com</a><br>
====================<br>
</font></blockquote></div><br><br clear="all"><br>-- <br>Nat Sakimura (=nat)<br><a href="http://www.sakimura.org/en/">http://www.sakimura.org/en/</a><br><a href="http://twitter.com/_nat_en">http://twitter.com/_nat_en</a><br>

</div>