[Openid-specs-ab] Draft 13 of Artifact Binding

Nat Sakimura sakimura at gmail.com
Wed Sep 29 18:30:09 UTC 2010


Actually, I think I now understand what you mean.
It is in RC1 now.

On Thu, Sep 30, 2010 at 3:24 AM, Nat Sakimura <sakimura at gmail.com> wrote:

> Ryo-
>
> One question. What do you mean by "-  RP MUST include a state parameter in
> 8.3 Request by all means" ?
>
> =nat
>
> On Sat, Sep 18, 2010 at 2:11 AM, Ryo Ito <ritou.06 at gmail.com> wrote:
>
>> Hi Nat,
>>
>> I'm sorry for the late response.
>>
>> (1) 7.4.1.  Obtaining bearer token 'client_secret'
>>
>> Most OPs will display an AuthN/AuthZ page over HTTPS.
>> The client_icon which the RP registers should be an HTTPS image.
>>
>> (2) 8.4.1.  End-user Grants Authorization
>>
>> I think that it is difficult for RP to understand which OP sent this
>> response.
>>
>> The following limitation may solve this problem.
>> -  OP MUST include server_id in 8.4.1 Response
>> -  RP MUST include a state parameter in 8.3 Request by all means
>>
>> (3) 8.6.1.  Positive Assertion
>>
>> Please add OAuth Response Parameters to sample response.
>>
>> ===
>> Example:
>>
>> {
>>    "openid": {
>>        "type": "http://openid.net/specs/ab/1.0#id_res",
>>        "mode": "id_res",
>>        "server_id": "https://op.example.com/",
>>        "pubkey": "CSqGSIb3DQEBBQ...22WLTnPvcztaqovGW2gaidAyq6",
>>        "request_url": "https://rp.example.com/rf.js%23Qfsoe2F",
>>        "op_endpoint": "https://op.example.com/op_endpoint",
>>        "claimed_id": "https://example.com/alice#1234",
>>        "identity": "alice",
>>        "user_id": "https://op.example.com/a3flsjeow1234",
>>        "issued_at": 1280217103,
>>        "client_id": "https://rp.example.com/"
>>    },
>>    "access_token":"SlAV32hkKG",
>>    "expires_in":3600,
>>    "refresh_token":"8xLOxBtZp8"
>> }
>> ===
>>
>> Thanks,
>> Ryo
>>
>> 2010/8/9 Nat Sakimura <sakimura at gmail.com>:
>> > Hopefully, it is close to the final. Please review carefully, by the
>> > end of the week.
>> > That will be the final edit before I submit it for the public comment.
>> >
>> > Changes:
>> > =========
>> > * Name scoped openid variables into openid key in JSON.
>> > * Changed variable names according to the changes between OAuth draft
>> > 9 and 7 (e.g., redirect_url -> redirect_uri). Also, added some
>> > variables introduced in draft 9.
>> > * Added IANA consideration.
>> > * Added some text to the Security Consideration. Added timing attack.
>> > * Changed pubkey from base64url encoded PEM to that of DER.
>> > * Misc editorial.
>> >
>> >
>> >
>> > --
>> > Nat Sakimura (=nat)
>> > http://www.sakimura.org/en/
>> > http://twitter.com/_nat_en
>> >
>> > _______________________________________________
>> > Openid-specs-ab mailing list
>> > Openid-specs-ab at lists.openid.net
>> > http://lists.openid.net/mailman/listinfo/openid-specs-ab
>> >
>> >
>> --
>> ====================
>> Ryo Ito
>> Email : ritou.06 at gmail.com
>> ====================
>>
>
>
>
> --
> Nat Sakimura (=nat)
> http://www.sakimura.org/en/
> http://twitter.com/_nat_en
>



-- 
Nat Sakimura (=nat)
http://www.sakimura.org/en/
http://twitter.com/_nat_en
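The two points Ryo raises under (2) and (3) above, the OP sending server_id and the RP always sending a state parameter, are what let an RP tie an incoming positive assertion back to the request it actually made. The following is an added example, not code from this thread or from the Artifact Binding draft: a hypothetical RelyingParty class that mints a random state per request, remembers which OP that request went to, and accepts a response only when the state is known and unused, the server_id matches the OP it was sent to, client_id is its own, and issued_at is recent. The sample response is constructed from the one in Ryo's mail (with the OAuth parameters beside the "openid" object); the in-memory pending table, the injectable clock and the check_flow helper are assumptions for the demonstration.

```python
import json
import secrets
import time

# Constructed sample, modelled on the positive assertion quoted in the thread.
SAMPLE_RESPONSE = json.dumps({
    "openid": {
        "type": "http://openid.net/specs/ab/1.0#id_res",
        "mode": "id_res",
        "server_id": "https://op.example.com/",
        "pubkey": "CSqGSIb3DQEBBQ...22WLTnPvcztaqovGW2gaidAyq6",
        "request_url": "https://rp.example.com/rf.js%23Qfsoe2F",
        "op_endpoint": "https://op.example.com/op_endpoint",
        "claimed_id": "https://example.com/alice#1234",
        "identity": "alice",
        "user_id": "https://op.example.com/a3flsjeow1234",
        "issued_at": 1280217103,
        "client_id": "https://rp.example.com/",
    },
    "access_token": "SlAV32hkKG",
    "expires_in": 3600,
    "refresh_token": "8xLOxBtZp8",
})


class RelyingParty:
    """Hypothetical RP bookkeeping: one state per outgoing request,
    consumed exactly once when the matching response arrives."""

    def __init__(self, client_id, now=time.time):
        self.client_id = client_id
        self._now = now        # injectable clock so checks are reproducible
        self._pending = {}     # state -> server_id the request was sent to

    def build_request(self, server_id, redirect_uri):
        # 128 bits of randomness: the state cannot be guessed or forged.
        state = secrets.token_urlsafe(16)
        self._pending[state] = server_id
        return {"client_id": self.client_id,
                "redirect_uri": redirect_uri,
                "state": state}

    def accept_response(self, state, raw_json, max_skew=300):
        # pop(): a state is good for one response only, so a replayed
        # assertion, or one for a request never made, is rejected here.
        expected_server = self._pending.pop(state, None)
        if expected_server is None:
            raise ValueError("unknown or already-used state")
        body = json.loads(raw_json)
        openid = body.get("openid")
        if not isinstance(openid, dict) or openid.get("mode") != "id_res":
            raise ValueError("not a positive assertion")
        # server_id says who answered; the state says who was asked.
        if openid.get("server_id") != expected_server:
            raise ValueError("server_id does not match the OP this request went to")
        if openid.get("client_id") != self.client_id:
            raise ValueError("assertion was issued to a different client")
        issued_at = openid.get("issued_at")
        if not isinstance(issued_at, int) or abs(self._now() - issued_at) > max_skew:
            raise ValueError("issued_at missing or outside the accepted window")
        return {"claimed_id": openid["claimed_id"],
                "access_token": body.get("access_token"),
                "expires_in": body.get("expires_in")}


def check_flow(now=lambda: 1280217150):
    """One correct exchange, then two that must fail; returns the outcomes
    (accepted assertion, replay rejected, wrong-OP rejected)."""
    rp = RelyingParty("https://rp.example.com/", now=now)
    req = rp.build_request("https://op.example.com/", "https://rp.example.com/cb")
    ok = rp.accept_response(req["state"], SAMPLE_RESPONSE)

    replay_rejected = False
    try:
        rp.accept_response(req["state"], SAMPLE_RESPONSE)
    except ValueError:
        replay_rejected = True

    # A request sent to another OP must not accept this OP's assertion.
    req2 = rp.build_request("https://other-op.example.net/", "https://rp.example.com/cb")
    wrong_op_rejected = False
    try:
        rp.accept_response(req2["state"], SAMPLE_RESPONSE)
    except ValueError:
        wrong_op_rejected = True

    return ok, replay_rejected, wrong_op_rejected


if __name__ == "__main__":
    print(check_flow())
```

The clock is fixed at a constructed value a few seconds after the sample's issued_at so the freshness check passes; with the real time.time() the sample from 2010 is correctly rejected as stale.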