[Openid-specs-ab] Draft 13 of Artifact Binding

Nat Sakimura sakimura at gmail.com
Sat Sep 18 15:39:50 UTC 2010


No problem.

Thanks for catching those!

=nat

On Sat, Sep 18, 2010 at 2:11 AM, Ryo Ito <ritou.06 at gmail.com> wrote:

> Hi Nat,
>
> I'm sorry for the late response.
>
> (1) 7.4.1.  Obtaining bearer token 'client_secret'
>
> Most OPs will display an AuthN/AuthZ page on HTTPS.
> The client_icon which the RP registers should be an HTTPS image.
>
> (2) 8.4.1.  End-user Grants Authorization
>
> I think that it is difficult for RP to understand which OP sent this
> response.
>
> The following limitation may solve this problem.
> -  OP MUST include server_id in 8.4.1 Response
> -  RP MUST include a state parameter in 8.3 Request by all means
>
> (3) 8.6.1.  Positive Assertion
>
> Please add OAuth Response Parameters to sample response.
>
> ===
> Example:
>
> {
>    "openid": {
>        "type": "http://openid.net/specs/ab/1.0#id_res",
>        "mode": "id_res",
>        "server_id": "https://op.example.com/",
>        "pubkey": "CSqGSIb3DQEBBQ...22WLTnPvcztaqovGW2gaidAyq6",
>        "request_url": "https://rp.example.com/rf.js%23Qfsoe2F",
>        "op_endpoint": "https://op.example.com/op_endpoint",
>        "claimed_id": "https://example.com/alice#1234",
>        "identity": "alice",
>        "user_id": "https://op.example.com/a3flsjeow1234",
>        "issued_at": 1280217103,
>        "client_id": "https://rp.example.com/"
>    },
>    "access_token":"SlAV32hkKG",
>    "expires_in":3600,
>    "refresh_token":"8xLOxBtZp8"
> }
> ===
>
> Thanks,
> Ryo
>
> 2010/8/9 Nat Sakimura <sakimura at gmail.com>:
> > Hopefully, it is close to the final. Please review carefully, by the
> > end of the week.
> > That will be the final edit before I submit it for the public comment.
> >
> > Changes:
> > =========
> > * Name scoped openid variables into openid key in JSON.
> > * Changed variable names according to the changes between OAuth draft
> > 9 and 7 (e.g., redirect_url -> redirect_uri). Also, added some
> > variables added in draft 9.
> > * Added IANA consideration.
> > * Added some text to the Security Consideration. Added timing attack.
> > * Changed pubkey from base64url encoded PEM to that of DER.
> > * Misc editorial.
> >
> >
> >
> > --
> > Nat Sakimura (=nat)
> > http://www.sakimura.org/en/
> > http://twitter.com/_nat_en
> >
> > _______________________________________________
> > Openid-specs-ab mailing list
> > Openid-specs-ab at lists.openid.net
> > http://lists.openid.net/mailman/listinfo/openid-specs-ab
> >
> >
> --
> ====================
> Ryo Ito
> Email : ritou.06 at gmail.com
> ====================
>



-- 
Nat Sakimura (=nat)
http://www.sakimura.org/en/
http://twitter.com/_nat_en
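
Point (2) in the quoted review, sketched from the RP side as an added example (not part of the original messages or of the draft): the RP records which OP each `state` value was issued for and accepts a response only if its `server_id` matches. The names `PendingRequests`, `start` and `finish` are hypothetical, and the response is assumed to be already parsed into a dict.

```python
import hmac
import secrets


class PendingRequests:
    """RP-side record of outstanding requests: state value -> OP it was sent to.

    Hypothetical helper; an in-memory dict stands in for the RP's session store.
    """

    def __init__(self):
        self._pending = {}

    def start(self, server_id):
        """Create an unguessable state value bound to the OP being contacted."""
        state = secrets.token_urlsafe(16)
        self._pending[state] = server_id
        return state

    def finish(self, response):
        """Return the OP's server_id if the response matches a pending request.

        Raises ValueError when state or server_id is missing, when the state
        is unknown or already used, or when the response names another OP.
        """
        state = response.get("state")
        server_id = response.get("server_id")
        if not state or not server_id:
            raise ValueError("response lacks state or server_id")
        # pop() makes each state value single-use, so a replay is rejected.
        expected = self._pending.pop(state, None)
        if expected is None:
            raise ValueError("unknown or replayed state")
        if not hmac.compare_digest(expected.encode(), server_id.encode()):
            raise ValueError("response does not come from the OP that was asked")
        return expected


if __name__ == "__main__":
    rp = PendingRequests()
    # Constructed sample values, reusing the example hosts from the thread.
    state = rp.start("https://op.example.com/")
    print(rp.finish({"state": state, "server_id": "https://op.example.com/"}))
```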