[Openid-specs-ab] [Bitbucket] Issue #872: session 4.1. Opbs is unclear and conflict with "session management memo" on wiki (openid/connect)

n-sakimura n-sakimura at nri.co.jp
Thu Oct 3 06:50:22 UTC 2013


Then, my suggestion is to add the following

    // get_op_browser_state() is an OP defined function
    // that returns the browser's login status at the OP.
    // How it is done is entirely up to the OP.

to the line above

    var opbs = get_op_browser_state();

Also, add the following

    // Here, the session_state is calculated in this particular way,
    // but it is entirely up to the OP how to do it under the
    // requirements defined in this specification.

to the line above

    var ss = CryptoJS.SHA256(client_id + ' ' + e.origin + ' ' +

Best,

Nat

(2013/10/03 14:45), Mike Jones wrote:
>
> It’s your points following “Secondly” that I think we need to capture 
> in the spec and be clear to developers about – not so much the example 
> itself.  If you can suggest language along that line, that should help 
> resolve the potential developer confusion that is the real root of 
> this issue.
>
> Thanks,
>
> -- Mike
>
> *From:*n-sakimura [mailto:n-sakimura at nri.co.jp]
> *Sent:* Wednesday, October 02, 2013 10:34 PM
> *To:* Mike Jones
> *Cc:* openid-specs-ab at lists.openid.net
> *Subject:* Re: [Openid-specs-ab] [Bitbucket] Issue #872: session 4.1. 
> Opbs is unclear and conflict with "session management memo" on wiki 
> (openid/connect)
>
> First of all, opbs is just a parameter name that I happened to have 
> used in the example. It could have been anything.
>
> Secondly, what is being stored in the OP Browser State completely 
> depends on each OP. It may just be a random variable that the OP 
> relates the server side state and the browser. Alternatively, it may 
> be storing a bunch of state-related variables which are then signed or 
> encrypted for the server to be less stateful.
>
> I do not want to give a false impression to the developers that there 
> is one single way of doing it. The maximum I am willing to do is to 
> add some comments to the example.
>
> Nat
>
> (2013/10/03 9:50), Mike Jones wrote:
>
>     P.S.  Nat, if you could provide proposed text giving a few
>     examples of what Opbs might contain and (if we’re not already
>     saying this) what properties this state needs to have, that would
>     be really useful in helping to close this issue.
>
>     Thanks,
>
>     -- Mike
>
>     *From:* openid-specs-ab-bounces at lists.openid.net
>     <mailto:openid-specs-ab-bounces at lists.openid.net>
>     [mailto:openid-specs-ab-bounces at lists.openid.net] *On Behalf Of
>     *Mike Jones
>     *Sent:* Wednesday, October 02, 2013 5:47 PM
>     *To:* openid-specs-ab at lists.openid.net
>     <mailto:openid-specs-ab at lists.openid.net>
>     *Subject:* Re: [Openid-specs-ab] [Bitbucket] Issue #872: session
>     4.1. Opbs is unclear and conflict with "session management memo"
>     on wiki (openid/connect)
>
>     I strongly disagree with removing the example.  I believe it’s the
>     only thing giving implementers a sense of what they need to do to
>     fulfill the requirements.
>
>     We should do what it takes to clarify the example, if needed – not
>     remove it.
>
>     -- Mike
>
>     *From:* Nat Sakimura [mailto:issues-reply at bitbucket.org]
>     *Sent:* Wednesday, October 02, 2013 5:26 PM
>     *To:* Mike Jones
>     *Subject:* Re: [Bitbucket] Issue #872: session 4.1. Opbs is
>     unclear and conflict with "session management memo" on wiki
>     (openid/connect)
>
>
>     *Nat Sakimura* commented on issue #872:
>
>     *session 4.1. Opbs is unclear and conflict with "session
>     management memo" on wiki*
>     <https://bitbucket.org/openid/connect/issue/872/session-41-opbs-is-unclear-and-conflict>
>
>     Did not even need to follow up with Breno. My intention here is
>     clear. The example is non-normative and is just illustrating what
>     an OP might do to fulfill what the spec. normatively requires. If
>     it is causing more confusion than explaining it, we may want to
>     drop the example and just go with the normative text.
>


-- 
Nat Sakimura (n-sakimura at nri.co.jp)
Nomura Research Institute, Ltd.
Tel:+81-3-6274-1412 Fax:+81-3-6274-1547
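
The point discussed in this thread, as an added example that is not part of the original messages or of the specification text: two different ways an OP might produce its browser state (an opaque random handle, or signed state variables) feed the same session_state check. The hash input order `client_id origin opbs salt` with `.salt` appended, the `changed`/`unchanged`/`error` replies, the key and all function names and values are assumptions of this example.

```javascript
// Added example; all names, values and the key are constructed assumptions.
const nodeCrypto = require("crypto");
const OP_KEY = "constructed-demo-key"; // hypothetical OP-side secret

// Strategy A: opbs is an opaque random handle tied to server-side state.
function opbsRandomHandle() {
  return nodeCrypto.randomBytes(16).toString("hex");
}

// Strategy B: opbs carries the state variables themselves, HMAC-signed so
// the OP can be less stateful. Any change in the state changes opbs.
function opbsSignedState(state) {
  const body = Buffer.from(JSON.stringify(state)).toString("base64");
  const mac = nodeCrypto.createHmac("sha256", OP_KEY).update(body).digest("hex");
  return body + "." + mac;
}

// session_state as issued to the RP: hash(client_id origin opbs salt) + "." + salt
function sessionState(clientId, origin, opbs, salt) {
  const input = [clientId, origin, opbs, salt].join(" ");
  return nodeCrypto.createHash("sha256").update(input).digest("hex") + "." + salt;
}

// OP iframe side: the RP posts "client_id session_state"; origin is e.origin.
function checkSession(message, origin, currentOpbs) {
  const parts = message.split(" ");
  if (parts.length !== 2) return "error";
  const [clientId, claimed] = parts;
  const salt = claimed.split(".")[1];
  if (!salt) return "error";
  const expected = sessionState(clientId, origin, currentOpbs, salt);
  return expected === claimed ? "unchanged" : "changed";
}

// Run both strategies through login (same opbs) and logout (new opbs).
function demo() {
  const origin = "https://rp.example", salt = nodeCrypto.randomBytes(8).toString("hex");
  const cases = {
    random: [opbsRandomHandle(), opbsRandomHandle()],
    signed: [opbsSignedState({ sub: "alice" }), opbsSignedState({ sub: null })],
  };
  const out = {};
  for (const [name, [loggedIn, loggedOut]] of Object.entries(cases)) {
    const msg = "client123 " + sessionState("client123", origin, loggedIn, salt);
    out[name] = [checkSession(msg, origin, loggedIn), checkSession(msg, origin, loggedOut)];
  }
  return out;
}
```

Either strategy yields `unchanged` while the browser state is the same and `changed` once it differs, so the RP never needs to know how the OP builds the value.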
