OpenID Wiki / OpenIDwithArtifactBinding : 10.4 Direct Assertion Request / 10.5 Direct Assertion Response


10.4 Direct Assertion Request

If a valid openid.artifact was returned, the RP SHOULD send the OP a request over direct communication with the following parameters: 

  • openid.ns

    As specified in Section 4.1.2.

  • openid.mode

    Value: "assertion_req_direct" “direct_assertion_req”

  • openid.artifact

    Value: The Artifact value received in the Artifact Authentication Response.

  • openid.signed

    Value: Comma-separated list of fields in this request.

  • openid.sig

    Value: Base 64 encoded signature calculated as specified in Section 6.

  • openid.assoc_handle

    Value: A handle for an association between the Relying Party and the OP that SHOULD be used to sign the response.

On receipt of such a request, the OP should return the assertion created previously as the payload of the response to this request. {TODO: text refinement. Think over the security risk of Artifact exposure on the indirect communication.} 

10.5 Direct Assertion Response

An assertion directly requested by the RP should be returned with the same parameters as “10.1. Positive Assertions” except for “openid.mode”. “openid.mode” MUST be “direct_assertion_res” in this case.

10.5.1. Unsuccessful Direct Assertion Response.

If a direct assertion request fails, an error response MUST be returned. The parameters of an unsuccessful direct assertion response are the same as “9.1.2 Unsuccessful Direct Authentication Request Response” except for “openid.mode”. “openid.mode” MUST be “direct_assertion_error” in this case.
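The following is an added worked example of the exchange in 10.4 and 10.5, not code from the wiki or from any OpenID implementation. It models both sides: the RP builds the direct assertion request and signs it with the association's MAC key, and the OP verifies the signature, redeems the artifact exactly once, and answers with either a "direct_assertion_res" carrying the stored positive assertion or a "direct_assertion_error". Assumptions: the request mode is "direct_assertion_req" (the page lists two candidate values), signatures use the OpenID 2.0 key-value-form HMAC-SHA256 construction, the positive-assertion fields follow the usual OpenID 2.0 set, and the association handle, MAC key, endpoints and TTL are constructed sample values. Making the artifact single-use and short-lived, and binding it to the association that issued it, is one way to limit the exposure risk the TODO above mentions.

```python
import base64
import hashlib
import hmac
import secrets
import time

OPENID_NS = "http://specs.openid.net/auth/2.0"

# Constructed sample association shared by the RP and the OP (not from the page).
ASSOC_HANDLE = "assoc-example-001"
MAC_KEY = b"example-mac-key-for-hmac-sha256-demo"


def kv_form(fields, signed):
    """OpenID 2.0 key-value form of the signed fields, with the 'openid.' prefix stripped."""
    return "".join(f"{k}:{fields['openid.' + k]}\n" for k in signed).encode("utf-8")


def sign_fields(fields, signed, mac_key):
    """Base64 HMAC-SHA256 over the key-value form (assumed to match 'Section 6')."""
    mac = hmac.new(mac_key, kv_form(fields, signed), hashlib.sha256).digest()
    return base64.b64encode(mac).decode("ascii")


def verify_signature(fields, mac_key):
    """Recompute the signature over openid.signed and compare it in constant time."""
    try:
        signed = fields["openid.signed"].split(",")
        expected = sign_fields(fields, signed, mac_key)
    except KeyError:  # openid.signed or a listed field is missing
        return False
    return hmac.compare_digest(expected, fields.get("openid.sig", ""))


def build_direct_assertion_request(artifact, assoc_handle, mac_key):
    """RP side: the 10.4 request, signed with the association's MAC key."""
    signed = ["ns", "mode", "artifact", "assoc_handle"]
    req = {
        "openid.ns": OPENID_NS,
        "openid.mode": "direct_assertion_req",  # assumed value; the page lists two candidates
        "openid.artifact": artifact,
        "openid.assoc_handle": assoc_handle,
        "openid.signed": ",".join(signed),
    }
    req["openid.sig"] = sign_fields(req, signed, mac_key)
    return req


class ArtifactOP:
    """OP side: holds assertions until the RP redeems the artifact over the direct channel."""

    def __init__(self, associations, ttl_seconds=60):
        self.associations = associations  # assoc_handle -> MAC key
        self.ttl = ttl_seconds
        self._pending = {}  # artifact -> (assoc_handle, assertion fields, issued_at)

    def issue_artifact(self, assoc_handle, assertion, now=None):
        """Store the positive assertion and return an unguessable artifact for the indirect response."""
        artifact = secrets.token_urlsafe(24)
        self._pending[artifact] = (assoc_handle, assertion, now or time.time())
        return artifact

    def _error(self, message):
        # 10.5.1: same shape as a direct-request error, mode fixed to direct_assertion_error
        return {"openid.ns": OPENID_NS, "openid.mode": "direct_assertion_error", "openid.error": message}

    def handle_direct_assertion_request(self, req, now=None):
        now = now or time.time()
        if req.get("openid.ns") != OPENID_NS or req.get("openid.mode") != "direct_assertion_req":
            return self._error("unexpected mode")
        mac_key = self.associations.get(req.get("openid.assoc_handle"))
        if mac_key is None or not verify_signature(req, mac_key):
            return self._error("invalid signature or unknown association")
        # pop() makes the artifact single-use: a second redemption attempt fails
        entry = self._pending.pop(req.get("openid.artifact"), None)
        if entry is None:
            return self._error("unknown or already redeemed artifact")
        issuing_handle, assertion, issued_at = entry
        if issuing_handle != req["openid.assoc_handle"] or now - issued_at > self.ttl:
            return self._error("artifact expired or bound to another association")
        # 10.5: the positive assertion fields, mode direct_assertion_res, signed with the association
        res = dict(assertion)
        res["openid.ns"] = OPENID_NS
        res["openid.mode"] = "direct_assertion_res"
        res["openid.assoc_handle"] = issuing_handle
        signed = sorted(k[len("openid."):] for k in res if k not in ("openid.signed", "openid.sig"))
        res["openid.signed"] = ",".join(signed)
        res["openid.sig"] = sign_fields(res, signed, mac_key)
        return res


def demo():
    """Run one successful redemption followed by a replay of the same request."""
    op = ArtifactOP({ASSOC_HANDLE: MAC_KEY})
    assertion = {  # constructed sample positive-assertion fields
        "openid.op_endpoint": "https://op.example/endpoint",
        "openid.claimed_id": "https://op.example/user/alice",
        "openid.identity": "https://op.example/user/alice",
        "openid.return_to": "https://rp.example/return",
        "openid.response_nonce": "2024-01-01T00:00:00Zabc123",
    }
    artifact = op.issue_artifact(ASSOC_HANDLE, assertion)
    req = build_direct_assertion_request(artifact, ASSOC_HANDLE, MAC_KEY)
    first = op.handle_direct_assertion_request(req)
    replay = op.handle_direct_assertion_request(req)
    return first, replay


if __name__ == "__main__":
    ok, replayed = demo()
    print(ok["openid.mode"], replayed["openid.mode"])
```

The RP must verify the response signature against the same association before trusting the assertion fields; `verify_signature(res, MAC_KEY)` does that here. The artifact itself carries no claims, so an attacker who observes it in the browser redirect still cannot produce a valid signed request without the association's MAC key, and the single-use store rejects a redemption that arrives after the legitimate one.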
