OpenID from EN to CN

others/oidc/Final_OpenID-Connect-Core-1.0-incorporating-errata-set-1_CN.html

@@ -2566,46 +2566,31 @@
 <a name="rfc.section.3.1.2.3"></a>
 
 <h3>3.1.2.3.&nbsp;
-    Authorization Server Authenticates End-User</h3>
+    授权服务器认证最终用户(End-User)</h3>
 
 <p>
-    If the request is valid, the Authorization Server attempts
+    若请求是有效的, 则授权服务器(Authorization Server)将根据请求所包括的参数值尝试
-    to Authenticate the End-User or determines whether the End-User is Authenticated,
+    验证最终用户(End-User)或决定最终用户(End-User)是否是已验证的.
-    depending upon the request parameter values used.
+    至于授权服务器(Authorization Server)采用什么方式来认证最终用户(如账号与密码, session cookies 等)
-    The methods used by the Authorization Server to Authenticate the End-User
+    已经超出本协议规范的范围.
-    (e.g. username and password, session cookies, etc.)
+    根据使用的请求参数值与使用的认证方式, 一个验证用户接口(interface)
-    are beyond the scope of this specification.
+    也许(MAY)被授权服务器(Authorization Server)对外开放.
-    An Authentication user interface MAY be displayed by
-    the Authorization Server, depending upon the request parameter values used
-    and the authentication methods used.
 
 </p>
 
-<p>The Authorization Server MUST attempt to Authenticate the
-    End-User in the following cases:
-</p>
-<ul class="text">
-    <li>The End-User is not already Authenticated.
-    </li>
-    <li>The Authentication Request contains the <tt>prompt</tt> parameter with the value
-        <tt>login</tt>. In this case, the
-        Authorization Server MUST reauthenticate the End-User
-        even if the End-User is already authenticated.
-    </li>
-</ul>
 <p>
-
+    在下列情况中,授权服务器(Authorization Server)必须(MUST)对
-</p>
+    最终用户进行认证:
-
-<p>The Authorization Server MUST NOT interact with the End-User
-    in the following case:
 </p>
 <ul class="text">
-    <li>The Authentication Request contains the <tt>prompt</tt> parameter with the value
+    <li>
-        <tt>none</tt>. In this case,
+        尚未进行认证的最终用户(End-User).
-        the Authorization Server MUST return
+    </li>
-        an error if an End-User
+    <li>
-        is not already Authenticated or could not be silently Authenticated.
+        认证请求(Authentication Request)中包含 <tt>prompt</tt> 参数并且值为
+        <tt>login</tt>. 在这种情况下,
+        授权服务器(Authorization Server)必须(MUST)重新认证(reauthenticate)
+        最终用户(End-User)即使最终用户已经被认证过.
     </li>
 </ul>
 <p>
@@ -2613,13 +2598,29 @@
 </p>
 
 <p>
-    When interacting with the End-User,
+    在下列情况中,授权服务器(Authorization Server)必须不能(MUST NOT)与
-    the Authorization Server MUST employ appropriate measures against
+    最终用户(End-User)进行交互(interact):
-    Cross-Site Request Forgery and Clickjacking as, described in
+</p>
-    Sections 10.12 and 10.13 of <a class="info" href="#RFC6749">OAuth
+<ul class="text">
+    <li>
+        认证请求(Authentication Request)中包含 <tt>prompt</tt> 参数并且值为
+        <tt>none</tt>. 在这种情况下,
+        如果一个最终用户(End-User)还没被验证或没有使用静默方式(silently)认证,
+        则授权服务器(Authorization Server)必须(MUST)返回一个错误(error).
+    </li>
+</ul>
+<p>
+
+</p>
+
+<p>
+    当与最终用户(End-User)进行交互(interacting)时,
+    授权服务器(Authorization Server)必须(MUST)对
+    跨站伪造请求(Cross-Site Request Forgery)与点击劫持(Clickjacking)采取适当的措施,
+    关于这部分的描述请参考 <a class="info" href="#RFC6749">OAuth
     2.0<span> (</span><span
             class="info">Hardt, D., “The OAuth 2.0 Authorization Framework,” October&nbsp;2012.</span><span>)</span></a>
-    [RFC6749].
+    [RFC6749] 中10.12 与 10.13 章节.
 
 </p>
 <a name="Consent"></a><br>