[Openid-specs-ab] ServerMTI in Messages

Torsten Lodderstedt torsten at lodderstedt.net
Wed Jan 30 11:25:48 UTC 2013

Hi all,

just re-read the MTI section of messages (8.1. specifically), which  
caused two questions:
1) Assuming the scope values "profile", "email", "address" and "phone"  
are required for all server implementations, how is a non-dynamic  
OpenID provider supposed to expose this data? I'm asking since the  
UserInfo endpoint is MTI for dynamic OpenID providers, only.
2) Which are the default signing algorithms for request objects?  
Discovery says "Servers SHOULD support none and RS256".


More information about the Openid-specs-ab mailing list