[Openid-specs-ab] [Bitbucket] Issue #872: session 4.1. Opbs is unclear and conflict with "session management memo" on wiki (openid/connect)

n-sakimura n-sakimura at nri.co.jp
Thu Oct 3 05:33:44 UTC 2013


First of all, opbs is just a parameter name that I happened to have used 
in the example. It could have been anything.

Sencondly, what is being stored in the OP Browser State completely 
depends on each OP. It may just be a random variable that the OP relates 
the server side state and the browser. Alternatively, it may be storing 
bunch of state related variables which is then signed or encrypted for 
the server to be less stateful.

I do not want to give false impression to the developpers that there is 
one single way of doing it. The maximum I am willing to do is to add 
some comments to the example.

Nat

(2013/10/03 9:50), Mike Jones wrote:
>
> P.S.  Nat, if you could provide proposed text giving a few examples of 
> what Opbs might contain and (if we're not already saying this) what 
> properties this state needs to have, that would be really useful in 
> helping to close this issue.
>
> Thanks,
>
> -- Mike
>
> *From:*openid-specs-ab-bounces at lists.openid.net 
> [mailto:openid-specs-ab-bounces at lists.openid.net] *On Behalf Of *Mike 
> Jones
> *Sent:* Wednesday, October 02, 2013 5:47 PM
> *To:* openid-specs-ab at lists.openid.net
> *Subject:* Re: [Openid-specs-ab] [Bitbucket] Issue #872: session 4.1. 
> Opbs is unclear and conflict with "session management memo" on wiki 
> (openid/connect)
>
> I strongly disagree with removing the example.  I believe it's the 
> only thing giving implementers a sense of what they need to do to 
> fulfill the requirements.
>
> We should do what it takes to clarify the example, if needed -- not 
> remove it.
>
> -- Mike
>
> *From:*Nat Sakimura [mailto:issues-reply at bitbucket.org]
> *Sent:* Wednesday, October 02, 2013 5:26 PM
> *To:* Mike Jones
> *Subject:* Re: [Bitbucket] Issue #872: session 4.1. Opbs is unclear 
> and conflict with "session management memo" on wiki (openid/connect)
>
> Nat
>
> 	
>
> *Nat Sakimura*commented on issue #872:
>
> *session 4.1. Opbs is unclear and conflict with "session management 
> memo" on wiki 
> <https://bitbucket.org/openid/connect/issue/872/session-41-opbs-is-unclear-and-conflict> 
> *
>
> Did not even needed to follow up with Breno. My intention here is 
> clear. The example is non-normative and is just illustrating what an 
> OP might do to fulfill what the spec. normatively requires. If it is 
> causing more confusion than explaining it, we may want to drop the 
> example and just go with the normative text.
>
> Status:
>
> 	
>
> newopen
>
>
> 	
>
> View this issue 
> <https://bitbucket.org/openid/connect/issue/872/session-41-opbs-is-unclear-and-conflict> 
> or add a comment by replying to this email.
>
> Unwatch this issue 
> <https://bitbucket.org/openid/connect/issue/872/unwatch/mbj/6ee343dc8521bd44c690cfa4ae5fe8299cabd061/> 
> to stop receiving email updates.
>
> 	
> 	
>
> Bitbucket <https://bitbucket.org>
>
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab


-- 
Nat Sakimura (n-sakimura at nri.co.jp)
Nomura Research Institute, Ltd.
Tel:+81-3-6274-1412 Fax:+81-3-6274-1547

????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
PLEASE READ:
The information contained in this e-mail is confidential and intended for the named recipient(s) only.
If you are not an intended recipient of this e-mail, you are hereby notified that any review, dissemination, distribution or duplication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately and delete your copy from your system.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20131003/266ba47f/attachment-0001.html>


More information about the Openid-specs-ab mailing list