<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Exchange Server">
<!-- converted from text --><style><!-- .EmailQuote { margin-left: 1pt; padding-left: 4pt; border-left: #800000 2px solid; } --></style>
</head>
<body>
<div>
<div>
<div style="font-family:Calibri,sans-serif; font-size:11pt">Breno and Naveen, do you agree with the code below?<br>
<br>
-- Mike<br>
<br>
</div>
</div>
<hr>
<span style="font-family:Tahoma,sans-serif; font-size:10pt; font-weight:bold">From:
</span><span style="font-family:Tahoma,sans-serif; font-size:10pt">Ryo Ito</span><br>
<span style="font-family:Tahoma,sans-serif; font-size:10pt; font-weight:bold">Sent:
</span><span style="font-family:Tahoma,sans-serif; font-size:10pt">1/26/2013 7:43 AM</span><br>
<span style="font-family:Tahoma,sans-serif; font-size:10pt; font-weight:bold">To:
</span><span style="font-family:Tahoma,sans-serif; font-size:10pt">openid-specs-ab@lists.openid.net</span><br>
<span style="font-family:Tahoma,sans-serif; font-size:10pt; font-weight:bold">Subject:
</span><span style="font-family:Tahoma,sans-serif; font-size:10pt">[Openid-specs-ab] Session Management - 4.1. OP iframe sample</span><br>
<br>
</div>
<font size="2"><span style="font-size:10pt;">
<div class="PlainText">The OP iframe sample still includes unnecessary descriptions such as the<br>
salt or the SHA256 hash.<br>
Developers may be confused.<br>
<br>
My suggestion for the OP iframe sample:<br>
===<br>
window.addEventListener("message", receiveMessage, false);<br>
<br>
function receiveMessage(e){ // e has client_id and session_state<br>
<br>
var stat;<br>
// Validate message origin<br>
var client_id = e.data.split(' ')[0];<br>
if (!validate_client_origin(client_id, e.origin)) {<br>
return;<br>
}<br>
<br>
var session_state = e.data.split(' ')[1];<br>
var browser_session_state = get_browser_session_state(client_id, e.origin);<br>
if (session_state == browser_session_state) {<br>
stat = 'unchanged';<br>
} else {<br>
stat = 'changed';<br>
}<br>
<br>
e.source.postMessage(stat, e.origin);<br>
<br>
function validate_client_origin(client_id, origin)<br>
{<br>
// origin validation<br>
return true; // or false<br>
}<br>
<br>
function get_browser_session_state(client_id, origin)<br>
{<br>
// return "session state from cookie or HTML storage"<br>
}<br>
};<br>
===<br>
<br>
Ryo.<br>
<br>
-- <br>
====================<br>
Ryo Ito<br>
Email : ritou.06@gmail.com<br>
====================<br>
_______________________________________________<br>
Openid-specs-ab mailing list<br>
Openid-specs-ab@lists.openid.net<br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a><br>
</div>
</span></font>
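<hr>
<div>An added example, not part of the original thread or of the specification: one way to fill in the validate_client_origin stub from the sample above and to ignore malformed messages. It assumes the OP makes each client's registered redirect URIs available to the iframe; REGISTERED_CLIENTS and its values, the op_session cookie name and all function names are hypothetical.</div>

```javascript
// Constructed sample registry: client_id -> registered redirect URIs (hypothetical values).
const REGISTERED_CLIENTS = new Map([
  ["client-123", ["https://rp.example.com/cb", "https://rp.example.com:8443/cb2"]],
]);

// Origins (scheme + host + port) a client may post from, derived from its redirect URIs.
function allowedOrigins(clientId, registry) {
  const uris = registry.get(clientId) || [];
  return new Set(uris.map((u) => new URL(u).origin));
}

// Exact match on the whole origin string; no prefix, suffix or substring matching.
function validateClientOrigin(clientId, origin, registry) {
  return allowedOrigins(clientId, registry).has(origin);
}

// Returns "unchanged" or "changed", or null when the message must be ignored.
function checkSession(data, origin, browserSessionState, registry) {
  if (typeof data !== "string") return null; // postMessage data can be any type
  const parts = data.split(" ");             // expected form: "client_id session_state"
  if (parts.length !== 2 || !parts[0] || !parts[1]) return null;
  const [clientId, sessionState] = parts;
  if (!validateClientOrigin(clientId, origin, registry)) return null;
  return sessionState === browserSessionState ? "unchanged" : "changed";
}

// Hypothetical helper: read the session state from a cookie named op_session (assumed name).
function getBrowserSessionState() {
  const m = document.cookie.match(/(?:^|; )op_session=([^;]*)/);
  return m ? decodeURIComponent(m[1]) : "";
}

// Browser wiring; skipped outside a browser so the logic above can also run under Node.
if (typeof window !== "undefined") {
  window.addEventListener("message", (e) => {
    const stat = checkSession(e.data, e.origin, getBrowserSessionState(), REGISTERED_CLIENTS);
    // Reply only to the validated origin, never to "*".
    if (stat !== null) e.source.postMessage(stat, e.origin);
  }, false);
}
```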
</body>
</html>