[Openid-specs-ab] ServerMTI in Messages

[Torsten Lodderstedt]

Hi all,

just re-read the MTI section of messages (8.1. specifically), which  
caused two questions:
1) Assuming the scope values "profile", "email", "address" and "phone"  
are required for all server implementations, how is a non-dynamic  
OpenID provider supposed to expose this data? I'm asking since the  
UserInfo endpoint is MTI for dynamic OpenID providers, only.
2) Which are the default signing algorithms for request objects?  
Discovery says "Servers SHOULD support none and RS256".

regards,
Torsten.