Actually, I think I now understand what you mean. <div>It is in RC1 now. <br><br><div class="gmail_quote">On Thu, Sep 30, 2010 at 3:24 AM, Nat Sakimura <span dir="ltr"><<a href="mailto:sakimura@gmail.com">sakimura@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">Ryo- <div><br></div><div>One question. What do you mean by "-  RP MUST include a state parameter in 8.3 Request by all means" ? <div>
<br></div><div>=nat</div><div><br><div class="gmail_quote"><div class="im">On Sat, Sep 18, 2010 at 2:11 AM, Ryo Ito <span dir="ltr"><<a href="mailto:ritou.06@gmail.com" target="_blank">ritou.06@gmail.com</a>></span> wrote:<br>

</div><div><div></div><div class="h5"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Nat,<br>
<br>
I'm sorry for the late response.<br>
<br>
(1) 7.4.1.  Obtaining bearer token 'client_secret'<br>
<br>
Most OPs will display an AuthN/AuthZ page on HTTPS.<br>
The client_icon which the RP registers should be an HTTPS image.<br>
<br>
(2) 8.4.1.  End-user Grants Authorization<br>
<br>
I think that it is difficult for RP to understand which OP sent this response.<br>
<br>
The following limitation may solve this problem.<br>
-  OP MUST include server_id in 8.4.1 Response<br>
-  RP MUST include a state parameter in 8.3 Request by all means<br>
<br>
(3) 8.6.1.  Positive Assertion<br>
<br>
Please add OAuth Response Parameters to the sample response.<br>
<br>
===<br>
Example:<br>
<br>
{<br>
    "openid": {<br>
        "type": "<a href="http://openid.net/specs/ab/1.0#id_res" target="_blank">http://openid.net/specs/ab/1.0#id_res</a>",<br>
        "mode": "id_res",<br>
        "server_id": "<a href="https://op.example.com/" target="_blank">https://op.example.com/</a>",<br>
        "pubkey": "CSqGSIb3DQEBBQ...22WLTnPvcztaqovGW2gaidAyq6",<br>
        "request_url": "<a href="https://rp.example.com/rf.js%23Qfsoe2F" target="_blank">https://rp.example.com/rf.js%23Qfsoe2F</a>",<br>
        "op_endpoint": "<a href="https://op.example.com/op_endpoint" target="_blank">https://op.example.com/op_endpoint</a>",<br>
        "claimed_id": "<a href="https://example.com/alice#1234" target="_blank">https://example.com/alice#1234</a>",<br>
        "identity": "alice",<br>
        "user_id": "<a href="https://op.example.com/a3flsjeow1234" target="_blank">https://op.example.com/a3flsjeow1234</a>",<br>
        "issued_at": 1280217103,<br>
        "client_id": "<a href="https://rp.example.com/" target="_blank">https://rp.example.com/</a>"<br>
    },<br>
    "access_token":"SlAV32hkKG",<br>
    "expires_in":3600,<br>
    "refresh_token":"8xLOxBtZp8"<br>
}<br>
===<br>
<br>
Thanks,<br>
Ryo<br>
<br>
2010/8/9 Nat Sakimura <<a href="mailto:sakimura@gmail.com" target="_blank">sakimura@gmail.com</a>>:<br>
<div><div></div><div>> Hopefully, it is close to the final. Please review carefully, by the<br>
> end of the week.<br>
> That will be the final edit before I submit it for the public comment.<br>
><br>
> Changes:<br>
> =========<br>
> * Name scoped openid variables into openid key in JSON.<br>
> * changed variable names according to the changes between OAuth draft<br>
> 9 and 7. (e.g., redirect_url -> redirect_uri) . Also, added some<br>
> variable added in draft 9.<br>
> * Added IANA consideration.<br>
> * Added some text to the Security Consideration. Added timing attack.<br>
> * Changed pubkey from base64url encoded PEM to that of DER.<br>
> * Misc editorial.<br>
><br>
><br>
><br>
> --<br>
> Nat Sakimura (=nat)<br>
> <a href="http://www.sakimura.org/en/" target="_blank">http://www.sakimura.org/en/</a><br>
> <a href="http://twitter.com/_nat_en" target="_blank">http://twitter.com/_nat_en</a><br>
><br>
</div></div>> _______________________________________________<br>
> Openid-specs-ab mailing list<br>
> <a href="mailto:Openid-specs-ab@lists.openid.net" target="_blank">Openid-specs-ab@lists.openid.net</a><br>
> <a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a><br>
><br>
><br>
<font color="#888888">--<br>
====================<br>
Ryo Ito<br>
Email : <a href="mailto:ritou.06@gmail.com" target="_blank">ritou.06@gmail.com</a><br>
====================<br>
</font></blockquote></div></div></div><br><br clear="all"><br>-- <br><div class="im">Nat Sakimura (=nat)<br><a href="http://www.sakimura.org/en/" target="_blank">http://www.sakimura.org/en/</a><br><a href="http://twitter.com/_nat_en" target="_blank">http://twitter.com/_nat_en</a><br>


</div></div></div>
</blockquote></div><br><br clear="all"><br>-- <br>Nat Sakimura (=nat)<br><a href="http://www.sakimura.org/en/">http://www.sakimura.org/en/</a><br><a href="http://twitter.com/_nat_en">http://twitter.com/_nat_en</a><br>
</div>
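The check proposed in point (2) of the quoted review, seen from the RP side, as an added example that is not part of the thread or of the specification text: the RP binds each state value to the OP it sent the request to, then rejects a response whose openid.server_id names a different OP. The function names, the in-memory store, and the assumption that state is returned to the RP together with the response are illustrative.

```python
import secrets

# Hypothetical RP-side store: state value -> server_id of the OP that the
# request was sent to. A real RP would keep this in the user's session.
pending = {}


def begin_request(op_server_id):
    """Create an unguessable state value and bind it to the chosen OP."""
    state = secrets.token_urlsafe(16)
    pending[state] = op_server_id
    return state


def check_response(state, response):
    """Return the OP's server_id if the response matches a pending request.

    Raises ValueError if the state is unknown or already used, or if the
    response names a different OP than the one the request was sent to.
    """
    expected = pending.pop(state, None)  # pop: each state is single-use
    if expected is None:
        raise ValueError("unknown or already used state")
    openid = response.get("openid")
    server_id = openid.get("server_id") if isinstance(openid, dict) else None
    if not isinstance(server_id, str):
        raise ValueError("response carries no openid.server_id")
    if server_id != expected:
        raise ValueError("response names %r, request went to %r"
                         % (server_id, expected))
    return server_id


# Constructed sample, reusing field names from the example response in the thread.
SAMPLE = {
    "openid": {"mode": "id_res", "server_id": "https://op.example.com/"},
    "access_token": "SlAV32hkKG",
}

if __name__ == "__main__":
    s = begin_request("https://op.example.com/")
    print("accepted response from", check_response(s, SAMPLE))
```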