[Openid-specs-ab] OpenID Federation -41 published
Michael Jones
michael_b_jones at hotmail.com
Wed Dec 4 17:55:33 UTC 2024
Draft 41 of the OpenID Federation specification has been published at https://openid.net/specs/openid-federation-1_0-41.html and https://openid.net/specs/openid-federation-1_0.html. Particular thanks go to recent contributors Michael Fraser, Pedram Hosseyni, Marko Ivančić, Łukasz Jaromin, Niels van Dijk, Tim Würtele, and Gabriel Zachmann for their substantive contributions to improving the specification!
As recorded in the history entry <https://openid.net/specs/openid-federation-1_0-41.html#name-document-history>, the changes in -41 were:
* Fixed #131: Changed anchor request parameter to trust_anchor, changed trust_anchor_id claim to trust_anchor, and changed type request parameter to entity_type.
* Explicitly typed base64url-encoded examples that were previously untyped. Also added missing client_id and iss values in some examples.
* Fixed #7, #86, #134, and #148: Provides implementation considerations on Federation topologies.
* Fixed #136: Defined additional error codes and rationalized naming. Renamed trust_chain_validation_failed to invalid_trust_chain and renamed missing_trust_anchor to invalid_trust_anchor.
* Fixed #133: Refined wording about client authentication when using Automatic Registration and added token_endpoint_auth_methods_supported in RP metadata example.
* Reference OpenID Connect Relying Party Metadata Choices 1.0.
* Fixed #143: Added Trust Mark Issuer and Trust Mark Owner to Terminology section.
* Fixed #139: Clarified description of using request objects.
* Fixed #140: Federation Entity Keys MUST NOT appear in metadata.
* Fixed #105 and #106: Informatively say that the require_signed_request_object and require_pushed_authorization_requests metadata parameters can be used.
* Fixed #107: Clarified how to validate Trust Marks.
* Fixed #114: Described why it may make sense to not support the use of request_uri other than in conjunction with a PAR request.
* Fixed #108: Removed remark about trust mark delegation revocation.
* Fixed #120: Required kid (Key ID) header parameter in Signed JWK Set JWTs.
* Define media type for Explicit Registration responses application/explicit-registration-response+jwt distinct from application/entity-statement+jwt.
* Restrict audience values to the single Entity Identifier of the intended recipient.
-- Mike