[Openid-specs-ab] Draft 13 of Artifact Binding

Ryo Ito ritou.06 at gmail.com
Fri Sep 17 17:11:10 UTC 2010


Hi Nat,

I'm sorry for the late response.

(1) 7.4.1.  Obtaining bearer token 'client_secret'

Most OPs will display an AuthN/AuthZ page on HTTPS.
The client_icon which the RP registers should be an HTTPS image.

(2) 8.4.1.  End-user Grants Authorization

I think that it is difficult for the RP to understand which OP sent this response.

The following limitation may solve this problem.
-  OP MUST include server_id in 8.4.1 Response
-  RP MUST include a state parameter in 8.3 Request by all means

(3) 8.6.1.  Positive Assertion

Please add OAuth Response Parameters to the sample response.

===
Example:

{
    "openid": {
        "type": "http://openid.net/specs/ab/1.0#id_res",
        "mode": "id_res",
        "server_id": "https://op.example.com/",
        "pubkey": "CSqGSIb3DQEBBQ...22WLTnPvcztaqovGW2gaidAyq6",
        "request_url": "https://rp.example.com/rf.js%23Qfsoe2F",
        "op_endpoint": "https://op.example.com/op_endpoint",
        "claimed_id": "https://example.com/alice#1234",
        "identity": "alice",
        "user_id": "https://op.example.com/a3flsjeow1234",
        "issued_at": 1280217103,
        "client_id": "https://rp.example.com/"
    },
    "access_token":"SlAV32hkKG",
    "expires_in":3600,
    "refresh_token":"8xLOxBtZp8"
}
===

Thanks,
Ryo

2010/8/9 Nat Sakimura <sakimura at gmail.com>:
> Hopefully, it is close to the final. Please review carefully, by the
> end of the week.
> That will be the final edit before I submit it for the public comment.
>
> Changes:
> =========
> * Name scoped openid variables into openid key in JSON.
> * Changed variable names according to the changes between OAuth draft
> 9 and 7 (e.g., redirect_url -> redirect_uri). Also, added some
> variables added in draft 9.
> * Added IANA consideration.
> * Added some text to the Security Consideration. Added timing attack.
> * Changed pubkey from base64url encoded PEM to that of DER.
> * Misc editorial.
>
>
>
> --
> Nat Sakimura (=nat)
> http://www.sakimura.org/en/
> http://twitter.com/_nat_en
-- 
====================
Ryo Ito
Email : ritou.06 at gmail.com
====================
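
The check proposed in point (2), sketched as RP-side code. This is an added example, not part of the original message or the draft: the PendingRequests class and its method names are hypothetical, the sample values are constructed, and only the state and server_id parameter names come from the message.

```python
import hmac
import secrets


class PendingRequests:
    """RP-side store binding each state value to the OP the request went to."""

    def __init__(self):
        self._pending = {}  # state -> server_id of the OP the user was sent to

    def start(self, server_id):
        """Call when building the 8.3 request; returns the state to include."""
        state = secrets.token_urlsafe(32)  # unguessable, one per request
        self._pending[state] = server_id
        return state

    def check_response(self, params):
        """Validate an 8.4.1 response; return the OP's server_id or raise."""
        state = params.get("state")
        if not state or state not in self._pending:
            raise ValueError("unknown or missing state")
        # Consume the state before any other check so it can never be reused,
        # even when the response is rejected below.
        expected = self._pending.pop(state)
        got = params.get("server_id")
        if not isinstance(got, str) or not got:
            raise ValueError("response lacks server_id")
        if not hmac.compare_digest(expected.encode(), got.encode()):
            raise ValueError("response came from a different OP than requested")
        return expected


if __name__ == "__main__":
    rp = PendingRequests()
    # Constructed values: the RP starts a request towards op.example.com.
    state = rp.start("https://op.example.com/")
    response = {"state": state, "server_id": "https://other-op.example.net/"}
    try:
        rp.check_response(response)
    except ValueError as err:
        print("rejected:", err)
```
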

