[WRAP] Wrap Artifact Binding/Mobile Profile

Allen Tom atom at yahoo-inc.com
Sat Feb 13 04:39:46 UTC 2010


Hi Nat -

As an optimization, can we combine the association request with the artifact
request? In fact, why can't the association handle be the artifact?

For example, when the RP requests association, it can pass along all the
request parameters that it normally would pass via the browser in the
authentication request. The OP can then return the association
handle/artifact along with the shared secret.

The RP then redirects the user's browser to the OP with the association
handle. After the user authenticates, the OP redirects the browser back to
the RP with the association handle.

The RP then makes a direct server call back to the OP with the handle (and
probably also the shared secret) to fetch the assertion.

I think this scheme will save a couple round trips.

Allen




On 2/11/10 9:55 PM, "Nat Sakimura" <sakimura at gmail.com> wrote:

> If you look at my manuscript of the Artifact Binding
> (http://www.sakimura.org/specs/ab/1.0 ) 
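
The exchange proposed in the message above, as an added in-memory sketch that is not part of the original post or of the Artifact Binding draft. The class, method and field names are hypothetical, and proving possession of the shared secret with an HMAC over the handle (rather than sending the secret itself) is an assumption; the post only says the secret is "probably also" sent.

```python
import hashlib
import hmac
import secrets

def proof_for(secret, handle):
    # Assumption: the RP proves it holds the shared secret by MACing the handle.
    return hmac.new(secret, handle.encode(), hashlib.sha256).digest()

class OP:
    def __init__(self):
        self.pending = {}  # handle -> secret, original request, authenticated user

    def associate(self, auth_request):
        # Direct call 1: association and authentication request in one round trip.
        handle = secrets.token_urlsafe(16)
        secret = secrets.token_bytes(32)
        self.pending[handle] = {"secret": secret, "request": auth_request, "user": None}
        return handle, secret

    def authenticate(self, handle, user):
        # Browser leg: only the opaque handle travels through the user agent.
        if handle in self.pending:
            self.pending[handle]["user"] = user
        return handle  # value the browser carries back to the RP

    def fetch_assertion(self, handle, proof):
        # Direct call 2: release the assertion once, and only to the secret holder.
        entry = self.pending.get(handle)
        if entry is None or entry["user"] is None:
            return None
        if not hmac.compare_digest(proof_for(entry["secret"], handle), proof):
            return None  # a bad proof does not consume the handle
        del self.pending[handle]  # single use: a replayed handle finds nothing
        return {"claimed_id": entry["user"], "return_to": entry["request"]["return_to"]}

class RP:
    def __init__(self, op):
        self.op, self.secrets = op, {}

    def start(self, return_to):
        # Request parameters go to the OP directly instead of via the browser.
        handle, secret = self.op.associate({"return_to": return_to})
        self.secrets[handle] = secret
        return handle

    def finish(self, handle):
        secret = self.secrets.get(handle)
        if secret is None:
            return None  # handle was never issued to this RP
        return self.op.fetch_assertion(handle, proof_for(secret, handle))
```

Because the handle is visible to the browser, the sketch treats it as a reference only: the assertion is bound to the shared secret and the handle is deleted on first successful fetch.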
