[Openid-specs-ab] December 27, 2012 OpenID Connect Release

Edmund Jay ejay at mgi1.com
Tue Jan 8 02:19:23 UTC 2013

Hi Roland, 

Can you update the birthday claim in your code? It's been changed to birthdate 
with a new format.

JWE also has a change in the KDF used in the encryption.


-- Edmund

From: Roland Hedberg <roland.hedberg at adm.umu.se>
To: "openid-connect-interop at googlegroups.com" 
<openid-connect-interop at googlegroups.com>
Cc: "openid-specs-ab at lists.openid.net" <openid-specs-ab at lists.openid.net>
Sent: Fri, January 4, 2013 4:47:43 AM
Subject: Re: December 27, 2012 OpenID Connect Release

Hi !

The code running on the test site (http://openidtest.uninett.no/)
and my own OP at xenosmilus2.umdc.umu.se are now updated to comply with 
these changes.

On 29 Dec 2012, at 02:09, Mike Jones <Michael.Jones at microsoft.com> wrote:

> New versions of the OpenID Connect specifications have been released resolving
> numerous open issues raised by the working group.  The most significant change
> is changing the name of the “user_id” claim to “sub” (subject) so that ID Tokens
> conform to the OAuth JWT Bearer Profile specification, and so they can be used
> as OAuth assertions.  (Also, see the related coordinated change to the OAuth JWT
> specifications.)  A related enhancement was extending our use of the “aud”
> (audience) claim to allow ID Tokens to have multiple audiences.  Also, a related
> addition was defining the “azp” (authorized party) claim to allow implementers
> to experiment with this proposed functionality.  (This is a slightly more
> general form of the “cid” claim that Google and Nat Sakimura had proposed.)
>
> Other updates were:
> · The “offline_access” scope value was defined to request that a refresh
>   token be returned when using the code flow that can be used to obtain an access
>   token granting access to the user’s UserInfo endpoint even when the user is not
> · A new “tos_url” registration parameter was added so that the terms of
>   service can be specified separately from the usage policy.
> · Clarified that “jwk_url” and “jwk_encryption_url” refer to documents
>   containing JWK Sets - not single JWK keys.
>
> Implementers need to apply these name changes to their code:
> · user_id -> sub
> · prn -> sub
> · user_id_types_supported -> subject_types_supported
> · user_id_type -> subject_type
> · acrs_supported -> acr_values_supported
> · alg -> kty (in JWKs)
>
> See the Document History section of each specification for more details about
> the changes made.
>
> This release is part of a coordinated release of JOSE, OAuth, and OpenID
> Connect specifications.  You can read about the other releases here:  JOSE
> Release Notes, OAuth Release Notes.
>
> The new specification versions are:
> · http://openid.net/specs/openid-connect-basic-1_0-22.html
> · http://openid.net/specs/openid-connect-implicit-1_0-05.html
> · http://openid.net/specs/openid-connect-messages-1_0-14.html
> · http://openid.net/specs/openid-connect-standard-1_0-15.html
> · http://openid.net/specs/openid-connect-discovery-1_0-11.html
> · http://openid.net/specs/openid-connect-registration-1_0-13.html
> · http://openid.net/specs/openid-connect-session-1_0-10.html
>
>                                                             -- Mike

-- Roland
Roland Hedberg
IT Architect/Senior Researcher
ICT Services and System Development (ITS) 
Umeå University 
SE-901 87 Umeå, Sweden    
Phone +46 90 786 68 44
Mobile +46 70 696 68 44 
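
The name changes listed in the release notes above, applied to stored ID Token claims, discovery/registration metadata and JWK Sets. This is an added example, not part of the original thread and not code from any implementation mentioned in it. The function names and sample values are constructed for illustration, and a JWK that already carries "kty" is assumed to be in the new format. Because "user_id" and "prn" both collapse into "sub", the example refuses to merge them when their values differ rather than silently picking one as the subject.

```python
CLAIM_RENAMES = {"user_id": "sub", "prn": "sub"}
METADATA_RENAMES = {
    "user_id_types_supported": "subject_types_supported",
    "user_id_type": "subject_type",
    "acrs_supported": "acr_values_supported",
}


def _rename(doc, renames):
    """Copy doc with old names replaced; refuse to merge conflicting values."""
    out = {k: v for k, v in doc.items() if k not in renames}
    for old, new in renames.items():
        if old not in doc:
            continue
        if new in out and out[new] != doc[old]:
            raise ValueError(f"{old!r} conflicts with existing {new!r}")
        out[new] = doc[old]
    return out


def migrate_claims(claims):
    """ID Token claims: user_id and prn both become sub (the subject)."""
    return _rename(claims, CLAIM_RENAMES)


def migrate_metadata(meta):
    """Discovery and registration parameters."""
    return _rename(meta, METADATA_RENAMES)


def migrate_jwk_set(jwk_set):
    """JWKs: old "alg" becomes "kty". Assumption: a key that already has
    "kty" is in the new format, so its "alg" (if any) is left untouched."""
    keys = [k if "kty" in k else _rename(k, {"alg": "kty"}) for k in jwk_set["keys"]]
    return {**jwk_set, "keys": keys}


def audiences(claims):
    """Return "aud" as a list, since it may now name several audiences."""
    aud = claims.get("aud", [])
    return [aud] if isinstance(aud, str) else list(aud)


# Constructed sample inputs, not taken from the thread.
OLD_ID_TOKEN = {"iss": "https://op.example", "user_id": "24400320", "aud": "client-1"}
OLD_JWKS = {"keys": [{"alg": "RSA", "kid": "k1"}, {"kty": "EC", "alg": "ES256", "kid": "k2"}]}

if __name__ == "__main__":
    print(migrate_claims(OLD_ID_TOKEN), migrate_jwk_set(OLD_JWKS), sep="\n")
```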