<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en"><head><title>Draft: OpenID Connect UserInfo 1.0 - draft 03</title>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<meta name="description" content="OpenID Connect UserInfo 1.0 - draft 03">
<meta name="generator" content="xml2rfc v1.36 (http://xml.resource.org/)">
<style type="text/css"><!--
body {
font-family: verdana, charcoal, helvetica, arial, sans-serif;
font-size: small; color: #000; background-color: #FFF;
margin: 2em;
}
h1, h2, h3, h4, h5, h6 {
font-family: helvetica, monaco, "MS Sans Serif", arial, sans-serif;
font-weight: bold; font-style: normal;
}
h1 { color: #900; background-color: transparent; text-align: right; }
h3 { color: #333; background-color: transparent; }
td.RFCbug {
font-size: x-small; text-decoration: none;
width: 30px; height: 30px; padding-top: 2px;
text-align: justify; vertical-align: middle;
background-color: #000;
}
td.RFCbug span.RFC {
font-family: monaco, charcoal, geneva, "MS Sans Serif", helvetica, verdana, sans-serif;
font-weight: bold; color: #666;
}
td.RFCbug span.hotText {
font-family: charcoal, monaco, geneva, "MS Sans Serif", helvetica, verdana, sans-serif;
font-weight: normal; text-align: center; color: #FFF;
}
table.TOCbug { width: 30px; height: 15px; }
td.TOCbug {
text-align: center; width: 30px; height: 15px;
color: #FFF; background-color: #900;
}
td.TOCbug a {
font-family: monaco, charcoal, geneva, "MS Sans Serif", helvetica, sans-serif;
font-weight: bold; font-size: x-small; text-decoration: none;
color: #FFF; background-color: transparent;
}
td.header {
font-family: arial, helvetica, sans-serif; font-size: x-small;
vertical-align: top; width: 33%;
color: #FFF; background-color: #666;
}
td.author { font-weight: bold; font-size: x-small; margin-left: 4em; }
td.author-text { font-size: x-small; }
/* info code from SantaKlauss at http://www.madaboutstyle.com/tooltip2.html */
a.info {
/* This is the key. */
position: relative;
z-index: 24;
text-decoration: none;
}
a.info:hover {
z-index: 25;
color: #FFF; background-color: #900;
}
a.info span { display: none; }
a.info:hover span.info {
/* The span will display just on :hover state. */
display: block;
position: absolute;
font-size: smaller;
top: 2em; left: -5em; width: 15em;
padding: 2px; border: 1px solid #333;
color: #900; background-color: #EEE;
text-align: left;
}
a { font-weight: bold; }
a:link { color: #900; background-color: transparent; }
a:visited { color: #633; background-color: transparent; }
a:active { color: #633; background-color: transparent; }
p { margin-left: 2em; margin-right: 2em; }
p.copyright { font-size: x-small; }
p.toc { font-size: small; font-weight: bold; margin-left: 3em; }
table.toc { margin: 0 0 0 3em; padding: 0; border: 0; vertical-align: text-top; }
td.toc { font-size: small; font-weight: bold; vertical-align: text-top; }
ol.text { margin-left: 2em; margin-right: 2em; }
ul.text { margin-left: 2em; margin-right: 2em; }
li { margin-left: 3em; }
/* RFC-2629 <spanx>s and <artwork>s. */
em { font-style: italic; }
strong { font-weight: bold; }
dfn { font-weight: bold; font-style: normal; }
cite { font-weight: normal; font-style: normal; }
tt { color: #036; }
tt, pre, pre dfn, pre em, pre cite, pre span {
font-family: "Courier New", Courier, monospace; font-size: small;
}
pre {
text-align: left; padding: 4px;
color: #000; background-color: #CCC;
}
pre dfn { color: #900; }
pre em { color: #66F; background-color: #FFC; font-weight: normal; }
pre .key { color: #33C; font-weight: bold; }
pre .id { color: #900; }
pre .str { color: #000; background-color: #CFF; }
pre .val { color: #066; }
pre .rep { color: #909; }
pre .oth { color: #000; background-color: #FCF; }
pre .err { background-color: #FCC; }
/* RFC-2629 <texttable>s. */
table.all, table.full, table.headers, table.none {
font-size: small; text-align: center; border-width: 2px;
vertical-align: top; border-collapse: collapse;
}
table.all, table.full { border-style: solid; border-color: black; }
table.headers, table.none { border-style: none; }
th {
font-weight: bold; border-color: black;
border-width: 2px 2px 3px 2px;
}
table.all th, table.full th { border-style: solid; }
table.headers th { border-style: none none solid none; }
table.none th { border-style: none; }
table.all td {
border-style: solid; border-color: #333;
border-width: 1px 2px;
}
table.full td, table.headers td, table.none td { border-style: none; }
hr { height: 1px; }
hr.insert {
width: 80%; border-style: none; border-width: 0;
color: #CCC; background-color: #CCC;
}
--></style>
</head>
<body>
<table summary="layout" class="TOCbug" align="right" cellpadding="0" cellspacing="2"><tbody><tr><td class="TOCbug"><a href="#toc"> TOC </a></td></tr></tbody></table>
<table summary="layout" border="0" cellpadding="0" cellspacing="0" width="66%"><tbody><tr><td><table summary="layout" border="0" cellpadding="2" cellspacing="1" width="100%">
<tbody><tr><td class="header">Draft</td><td class="header">N. Sakimura, Ed.</td></tr>
<tr><td class="header"> </td><td class="header">NRI</td></tr>
<tr><td class="header"> </td><td class="header">J. Bradley</td></tr>
<tr><td class="header"> </td><td class="header">Protiviti Government Services</td></tr>
<tr><td class="header"> </td><td class="header">M. Jones</td></tr>
<tr><td class="header"> </td><td class="header">Microsoft</td></tr>
<tr><td class="header"> </td><td class="header">E. Jay</td></tr>
<tr><td class="header"> </td><td class="header">MGI1</td></tr>
<tr><td class="header"> </td><td class="header">June 30, 2011</td></tr>
</tbody></table></td></tr></tbody></table>
<h1><br>OpenID Connect UserInfo 1.0 - draft 03</h1>
<h3>Abstract</h3>
<p>This specification describes the schema and format returned by the
UserInfo endpoint of OpenID Connect.
</p>
<h3>Requirements Language</h3>
<p>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in <a class="info" href="#RFC2119">RFC 2119<span> (</span><span class="info">Bradner, S., “Key words for use in RFCs to Indicate Requirement Levels,” March 1997.</span><span>)</span></a> [RFC2119].
</p><a name="toc"></a><br><hr>
<h3>Table of Contents</h3>
<p class="toc">
<a href="#anchor1">1.</a>
Terminology<br>
<a href="#anchor2">2.</a>
UserInfo Endpoint<br>
<a href="#anchor3">2.1.</a>
Requests<br>
<a href="#anchor4">2.2.</a>
Responses<br>
<a href="#anchor6">2.3.</a>
Errors<br>
<a href="#anchor7">3.</a>
Other Items for Consideration<br>
<a href="#IANA">4.</a>
IANA Considerations<br>
<a href="#Security">5.</a>
Security Considerations<br>
<a href="#Acknowledgements">6.</a>
Acknowledgements<br>
<a href="#rfc.references1">7.</a>
References<br>
<a href="#rfc.references1">7.1.</a>
Normative References<br>
<a href="#rfc.references2">7.2.</a>
Informative References<br>
<a href="#anchor10">Appendix A.</a>
Document History<br>
<a href="#rfc.authors">§</a>
Authors' Addresses<br>
</p>
<br clear="all">
<a name="anchor1"></a><br><hr>
<table summary="layout" class="TOCbug" align="right" cellpadding="0" cellspacing="2"><tbody><tr><td class="TOCbug"><a href="#toc"> TOC </a></td></tr></tbody></table>
<a name="rfc.section.1"></a><h3>1.
Terminology</h3>
<p>See <a class="info" href="#OpenID.CC">OpenID Connect Core<span> (</span><span class="info">Recordon, D., Sakimura, N., Bradley, J., de Medeiros, B., Jones, M., and E. Jay, “OpenID Connect Core 1.0,” June 2011.</span><span>)</span></a> [OpenID.CC] for
terminology used in this specification.
</p>
<a name="anchor2"></a><br><hr>
<table summary="layout" class="TOCbug" align="right" cellpadding="0" cellspacing="2"><tbody><tr><td class="TOCbug"><a href="#toc"> TOC </a></td></tr></tbody></table>
<a name="rfc.section.2"></a><h3>2.
UserInfo Endpoint</h3>
<p>The UserInfo Endpoint returns claims for the authenticated user.
</p>
<p>Claim objects contain members and member values which are the
individual claims and claims values. A claim object is represented by a
<a class="info" href="#RFC4627">JSON<span> (</span><span class="info">Crockford, D., “The application/json Media Type for JavaScript Object Notation (JSON),” July 2006.</span><span>)</span></a> [RFC4627] object which contains a collection of
name/value pairs for the claims.
</p>
<a name="anchor3"></a><br><hr>
<table summary="layout" class="TOCbug" align="right" cellpadding="0" cellspacing="2"><tbody><tr><td class="TOCbug"><a href="#toc"> TOC </a></td></tr></tbody></table>
<a name="rfc.section.2.1"></a><h3>2.1.
Requests</h3>
<p>Clients MAY send requests with the following parameters to the
UserInfo Endpoint to obtain further information about the user. The
UserInfo Endpoint complies with the <a class="info" href="#OAuth2.0">OAuth2<span> (</span><span class="info">Hammer-Lahav, E., Ed., Recordon, D., and D. Hardt, “OAuth 2.0 Authorization Protocol,” May 2011.</span><span>)</span></a> [OAuth2.0]
<a class="info" href="#BEARER">Bearer Token<span> (</span><span class="info">Jones, M., Ed., Recordon, D., and D. Hardt, “The OAuth 2.0 Protocol: Bearer Tokens,” Jun 2011.</span><span>)</span></a> [BEARER] specification. As such the
access token SHOULD be specified via the HTTP Authorization header.
</p>
<p></p>
<blockquote class="text"><dl>
<dt>access_token</dt>
<dd>REQUIRED. The access_token obtained
from an OpenID Connect authorization request. This parameter
MUST NOT be sent if the access token is sent in the HTTP
Authorization header.
</dd>
<dt>schema</dt>
<dd>OPTIONAL. The schema in which the data is to
be returned. The only predefined value is "openid". If this
parameter is not included, the response may be a proprietary
format to support backwards compatibility. Custom schema names and
responses are out of scope for this specification.
</dd>
<dt>id</dt>
<dd>RESERVED. This is reserved for backwards
compatibility. It MUST be ignored by the endpoint if the "openid"
schema is used.
</dd>
</dl></blockquote>
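<p>The request rules above, written as a server-side check. This is an added example, not part of the specification: the function and class names are hypothetical, the <tt>Bearer</tt> scheme name and the <tt>invalid_request</tt> code follow the referenced Bearer Token specification, and the HTTP status values are assumptions.</p>

```python
SUPPORTED_SCHEMAS = {"openid"}  # the only predefined schema value in this draft


class UserInfoRequestError(Exception):
    """Hypothetical error type carrying an OAuth-style error code."""

    def __init__(self, status, error, description):
        super().__init__(description)
        self.status = status  # assumed HTTP status
        self.error = error    # error code, or None when no code applies


def parse_userinfo_request(headers, params):
    """Apply the section 2.1 parameter rules to one request.

    headers: dict of HTTP headers; params: dict of query/form parameters.
    Returns the token and schema to use, or raises UserInfoRequestError.
    """
    # HTTP header names are case-insensitive.
    auth = next((v for k, v in headers.items()
                 if k.lower() == "authorization"), None)
    header_token = None
    if auth is not None:
        scheme, _, credentials = auth.partition(" ")
        credentials = credentials.strip()
        if scheme.lower() != "bearer" or not credentials:
            raise UserInfoRequestError(
                400, "invalid_request", "malformed Authorization header")
        header_token = credentials

    # access_token MUST NOT be sent as a parameter when the header carries it.
    param_token = params.get("access_token")
    if header_token is not None and param_token is not None:
        raise UserInfoRequestError(
            400, "invalid_request", "access token sent by two methods")
    token = header_token if header_token is not None else param_token
    if not token:
        raise UserInfoRequestError(401, None, "no access token presented")

    # An absent schema is allowed (proprietary/legacy response format).
    schema = params.get("schema")
    if schema is not None and schema not in SUPPORTED_SCHEMAS:
        raise UserInfoRequestError(
            400, "unsupported_schema", "requested schema is unsupported")

    # "id" is reserved and MUST be ignored when schema is "openid".
    legacy_id = None if schema == "openid" else params.get("id")
    return {
        "token": token,
        "schema": schema,
        "legacy_id": legacy_id,
        # Lets the caller log tokens that arrived outside the header.
        "token_in_header": header_token is not None,
    }


def error_for(headers, params):
    """Return (status, error) for a rejected request, or None if accepted."""
    try:
        parse_userinfo_request(headers, params)
    except UserInfoRequestError as exc:
        return (exc.status, exc.error)
    return None


if __name__ == "__main__":
    # Constructed requests, not taken from the specification.
    print(parse_userinfo_request({"Authorization": "Bearer abc123"},
                                 {"schema": "openid", "id": "42"}))
    print(error_for({"Authorization": "Bearer abc123"},
                    {"access_token": "abc123"}))
```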
<a name="anchor4"></a><br><hr>
<table summary="layout" class="TOCbug" align="right" cellpadding="0" cellspacing="2"><tbody><tr><td class="TOCbug"><a href="#toc"> TOC </a></td></tr></tbody></table>
<a name="rfc.section.2.2"></a><h3>2.2.
Responses</h3>
<p>
If the requested schema is "openid", the response MUST
return a plain text JSON object that contains a set of
claims that are a subset of those defined below. Additional
claims (not specified below) MAY also be returned.
</p>
<p>The claims may be represented in multiple languages and scripts. To
specify the languages and scripts, <a class="info" href="#RFC5646">BCP47<span> (</span><span class="info">Phillips, A. and M. Davis, “Tags for Identifying Languages,” September 2009.</span><span>)</span></a> [RFC5646]
language tags MUST be added to each claim, delimited by a "#", e.g.,
<tt>familyName#ja-Kana-JP</tt> for expressing
Family Name in Katakana in Japanese, which is commonly used to index
and represent the phonetics of the Kanji representation of the same
name, represented as <tt>familyName#ja-Hani-JP</tt>.
</p><br><hr class="insert">
<a name="ClaimTable"></a>
<table class="full" align="center" border="0" cellpadding="2" cellspacing="2">
<colgroup><col align="left"><col align="left"><col align="left">
</colgroup><tbody><tr><th align="left">Claim</th><th align="left">Type</th><th align="left">Description</th></tr>
<tr>
<td align="left">id</td>
<td align="left">string</td>
<td align="left">
Identifier for the user at the issuer.
</td>
</tr>
<tr>
<td align="left">name</td>
<td align="left">string</td>
<td align="left">
User's full name in displayable form including all name
parts, ordered according to user's locale and preferences.
</td>
</tr>
<tr>
<td align="left">given_name</td>
<td align="left">string</td>
<td align="left">
Given name or first name of the user.
</td>
</tr>
<tr>
<td align="left">family_name</td>
<td align="left">string</td>
<td align="left">
Surname or last name of the user.
</td>
</tr>
<tr>
<td align="left">middle_name</td>
<td align="left">string</td>
<td align="left">
Middle name of the user.
</td>
</tr>
<tr>
<td align="left">nickname</td>
<td align="left">string</td>
<td align="left">
Casual name of the user that may or may not be the same
as the <tt>given_name</tt>. For
instance, a <tt>nickname</tt> value of
"Mike" might be returned alongside a <tt>given_name</tt> value of "Michael".
</td>
</tr>
<tr>
<td align="left">profile</td>
<td align="left">string</td>
<td align="left">
URL of user's profile page.
</td>
</tr>
<tr>
<td align="left">picture</td>
<td align="left">string</td>
<td align="left">
The user's profile picture.
</td>
</tr>
<tr>
<td align="left">website</td>
<td align="left">string</td>
<td align="left">
URL of user's web page or blog.
</td>
</tr>
<tr>
<td align="left">email</td>
<td align="left">string</td>
<td align="left">
The user's preferred e-mail address.
</td>
</tr>
<tr>
<td align="left">verified</td>
<td align="left">boolean</td>
<td align="left">
True if the user's e-mail address has been verified; otherwise false.
</td>
</tr>
<tr>
<td align="left">gender</td>
<td align="left">string</td>
<td align="left">
The user's gender: "female" or "male".
</td>
</tr>
<tr>
<td align="left">birthday</td>
<td align="left">string</td>
<td align="left">
The user's birthday, represented as a date string in
MM/DD/YYYY format. The year MAY be "0000", indicating
that it is omitted.
</td>
</tr>
<tr>
<td align="left">zoneinfo</td>
<td align="left">string</td>
<td align="left">
String from zoneinfo <a class="info" href="#zoneinfo">[zoneinfo]<span> (</span><span class="info">Public Domain, “The tz database,” June 2011.</span><span>)</span></a> timezone
database. For example, "Europe/Paris" or
"America/Los_Angeles".
</td>
</tr>
<tr>
<td align="left">locale</td>
<td align="left">string</td>
<td align="left">
The user's locale, represented as an <a class="info" href="#RFC5646">RFC 5646<span> (</span><span class="info">Phillips, A. and M. Davis, “Tags for Identifying Languages,” September 2009.</span><span>)</span></a> [RFC5646] language tag. This is
typically an <a class="info" href="#ISO639-1">ISO 639-1
Alpha-2<span> (</span><span class="info">International Organization
for Standardization, “ISO 639-1:2002. Codes for the representation of
names of languages -- Part 1: Alpha-2 code,” 2002.</span><span>)</span></a> [ISO639‑1] language code in lowercase and an <a class="info" href="#ISO3166-1">ISO 3166-1 Alpha-2<span> (</span><span class="info">International
Organization for Standardization, “ISO 3166-1:1997. Codes for the
representation of names of countries and their subdivisions --
Part 1: Country codes,” 1997.</span><span>)</span></a> [ISO3166‑1] country code
in uppercase, separated by a dash. For example, "en-US"
or "fr-CA". As a compatibility note, some implementations
have used an underscore as the separator rather than a
dash, for example, "en_US"; implementations MAY choose to
accept this locale syntax as well.
</td>
</tr>
<tr>
<td align="left">phone_number</td>
<td align="left">string</td>
<td align="left">
The user's preferred telephone number. For example,
"+1 (425) 555-1212" or "+56 (2) 687 2400".
</td>
</tr>
<tr>
<td align="left">address</td>
<td align="left">JSON object</td>
<td align="left">
The user's preferred address. The value of the <tt>address</tt> claim is a JSON structure
containing some or all of these string-valued fields:
<tt>formatted</tt>, <tt>street_address</tt>, <tt>locality</tt>, <tt>region</tt>, <tt>postal_code</tt>, and <tt>country</tt>. The <tt>street_address</tt> field MAY contain
multiple lines if the address representation requires it.
Implementations MAY return only a subset of the fields of
an <tt>address</tt>, depending upon the
information available and the user's privacy preferences.
For example, the <tt>country</tt> and
<tt>region</tt> might be returned
without returning more fine-grained address information.
</td>
</tr>
<tr>
<td align="left">updated_time</td>
<td align="left">string</td>
<td align="left">
Time the user's information was last updated, represented
as an <a class="info" href="#RFC3339">RFC 3339<span> (</span><span class="info">Klyne, G., Ed. and C. Newman, “Date and Time on the Internet: Timestamps,” July 2002.</span><span>)</span></a> [RFC3339] datetime. For
example, "2011-01-03T23:58:42+0000".
</td>
</tr>
</tbody></table>
<br clear="all">
<table align="center" border="0" cellpadding="0" cellspacing="2"><tbody><tr><td align="center"><font face="monaco, MS Sans Serif" size="1"><b> Table 1: Reserved Claim Definitions </b></font><br></td></tr></tbody></table><hr class="insert">
<p>For privacy reasons, OpenID providers may elect to not provide
values for some schema elements as part of the "openid" scope.
</p>
<p>The UserInfo endpoint will return claims in JSON format unless a
request for a different format is made by the RP in the Authorization
request. See the <a class="info" href="#OpenID.CC">OpenID Connect Core<span> (</span><span class="info">Recordon, D., Sakimura, N., Bradley, J., de Medeiros, B., Jones, M., and E. Jay, “OpenID Connect Core 1.0,” June 2011.</span><span>)</span></a> [OpenID.CC]
specification on how to request a different format. The UserInfo
Endpoint MUST return a content-type header to indicate which format is
being returned. The following are accepted content types:
</p><table class="all" align="center" border="0" cellpadding="2" cellspacing="2">
<colgroup><col align="left"><col align="left">
</colgroup><tbody><tr><th align="left">Content-Type</th><th align="left">Format Returned</th></tr>
<tr>
<td align="left">application/json</td>
<td align="left">plain text JSON object</td>
</tr>
<tr>
<td align="left">application/jwt</td>
<td align="left">A JWT</td>
</tr>
</tbody></table>
<br clear="all">
<a name="anchor5"></a><br><hr>
<table summary="layout" class="TOCbug" align="right" cellpadding="0" cellspacing="2"><tbody><tr><td class="TOCbug"><a href="#toc"> TOC </a></td></tr></tbody></table>
<a name="rfc.section.2.2.1"></a><h3>2.2.1.
Example Responses</h3>
<p>The following is a non-normative example of a normal claims response:
</p>
<p>
</p>
<div style="display: table; width: 0; margin-left: 3em; margin-right: auto"><pre>{
 "id": "90125",
 "name": "Jonathan Q. Doe",
 "given_name": "Jonathan",
 "middle_name": "Q.",
 "family_name": "Doe",
 "nickname": "John",
 "email": "johndoe@example.com",
 "verified": true,
 "profile": "http://example.com/johndoe/",
 "picture": "http://example.com/johndoe/me.jpg",
 "website": "http://john.doe.blogs.example.net/",
 "gender": "male",
 "birthday": "05/02/0000",
 "zoneinfo": "America/Los_Angeles",
 "locale": "en_US",
 "phone_number": "+1 (425) 555-1212",
 "address": {
   "region": "WA",
   "country": "United States"
 },
 "last_updated": "2011-06-29T21:10:22+0000"
}</pre></div><p>
</p>
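<p>A relying-party check of a schema "openid" response against Table 1, added here as an example and not part of the specification. Function names and the sample response are constructed; the language-tag pattern is a simplified shape check, not a full RFC 5646 parser.</p>

```python
import json
import re
from datetime import date

# Reserved string-typed claims from Table 1 of this draft.
STRING_CLAIMS = {
    "id", "name", "given_name", "family_name", "middle_name", "nickname",
    "profile", "picture", "website", "email", "gender", "birthday",
    "zoneinfo", "locale", "phone_number", "updated_time",
}
ADDRESS_FIELDS = {"formatted", "street_address", "locality", "region",
                  "postal_code", "country"}
BIRTHDAY_RE = re.compile(r"^(\d{2})/(\d{2})/(\d{4})$")
# Assumption: shape check only, not a full RFC 5646 grammar.
LANG_TAG_RE = re.compile(r"^[A-Za-z]{2,8}(-[A-Za-z0-9]{1,8})*$")


def check_birthday(value):
    """True for MM/DD/YYYY; year "0000" means the year is omitted."""
    m = BIRTHDAY_RE.match(value)
    if not m:
        return False
    month, day, year = (int(g) for g in m.groups())
    try:
        # For an omitted year use a leap year so 02/29 stays valid.
        date(2000 if year == 0 else year, month, day)
    except ValueError:
        return False
    return True


def validate_userinfo(content_type, body):
    """Return (claims, problems); claims maps name -> {language tag: value}."""
    media_type = content_type.split(";")[0].strip().lower()
    if media_type == "application/jwt":
        raise NotImplementedError("JWT responses must be verified first")
    if media_type != "application/json":
        raise ValueError("unexpected Content-Type: " + content_type)
    data = json.loads(body)
    if not isinstance(data, dict):
        raise ValueError("claims response is not a JSON object")

    claims, problems = {}, []
    for name, value in data.items():
        # "family_name#ja-Kana-JP" -> base "family_name", tag "ja-Kana-JP"
        base, sep, tag = name.partition("#")
        tag = tag if sep else None
        if tag is not None and not LANG_TAG_RE.match(tag):
            problems.append(f"{name}: malformed language tag")
            continue
        if base in STRING_CLAIMS and not isinstance(value, str):
            problems.append(f"{name}: expected string")
            continue
        # A string "true" is truthy in most languages; require a real boolean
        # before treating the e-mail address as verified.
        if base == "verified" and not isinstance(value, bool):
            problems.append(f"{name}: expected boolean")
            continue
        # Strict choice made here: unknown address fields are rejected.
        if base == "address" and not (
                isinstance(value, dict) and all(
                    k in ADDRESS_FIELDS and isinstance(v, str)
                    for k, v in value.items())):
            problems.append(f"{name}: expected string-valued address fields")
            continue
        if base == "birthday" and not check_birthday(value):
            problems.append(f"{name}: expected MM/DD/YYYY")
            continue
        if base == "locale":
            value = value.replace("_", "-")  # accept "en_US", store "en-US"
        # Claims outside Table 1 MAY be returned; they pass through unchecked.
        claims.setdefault(base, {})[tag] = value
    return claims, problems


# Constructed sample, modelled on the draft's example response, with a
# language-tagged claim and a wrongly typed "verified" value added.
SAMPLE_BODY = json.dumps({
    "id": "90125",
    "family_name": "Doe",
    "family_name#ja-Kana-JP": "\u30c9\u30a6",
    "verified": "true",
    "birthday": "05/02/0000",
    "locale": "en_US",
    "address": {"region": "WA", "country": "United States"},
    "last_updated": "2011-06-29T21:10:22+0000",
})

if __name__ == "__main__":
    accepted, rejected = validate_userinfo("application/json", SAMPLE_BODY)
    print(accepted)
    print(rejected)
```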
<a name="anchor6"></a><br><hr>
<table summary="layout" class="TOCbug" align="right" cellpadding="0" cellspacing="2"><tbody><tr><td class="TOCbug"><a href="#toc"> TOC </a></td></tr></tbody></table>
<a name="rfc.section.2.3"></a><h3>2.3.
Errors</h3>
<p>In addition to the standard <a class="info" href="#OAuth2.0">OAuth 2.0<span> (</span><span class="info">Hammer-Lahav, E., Ed., Recordon, D., and D. Hardt, “OAuth 2.0 Authorization Protocol,” May 2011.</span><span>)</span></a> [OAuth2.0] errors, the UserInfo endpoint may return the following
errors:
</p>
<p>The Authorization Server includes one of the following error codes
with the error response:
</p>
<p></p>
<blockquote class="text"><dl>
<dt>unsupported_schema</dt>
<dd>The requested schema is
unsupported.
</dd>
</dl></blockquote>
<a name="anchor7"></a><br><hr>
<table summary="layout" class="TOCbug" align="right" cellpadding="0" cellspacing="2"><tbody><tr><td class="TOCbug"><a href="#toc"> TOC </a></td></tr></tbody></table>
<a name="rfc.section.3"></a><h3>3.
Other Items for Consideration</h3>
<p>
</p>
<a name="IANA"></a><br><hr>
<table summary="layout" class="TOCbug" align="right" cellpadding="0" cellspacing="2"><tbody><tr><td class="TOCbug"><a href="#toc"> TOC </a></td></tr></tbody></table>
<a name="rfc.section.4"></a><h3>4.
IANA Considerations</h3>
<p>This document makes no request of IANA.
</p>
<a name="Security"></a><br><hr>
<table summary="layout" class="TOCbug" align="right" cellpadding="0" cellspacing="2"><tbody><tr><td class="TOCbug"><a href="#toc"> TOC </a></td></tr></tbody></table>
<a name="rfc.section.5"></a><h3>5.
Security Considerations</h3>
<p>
</p>
<a name="Acknowledgements"></a><br><hr>
<table summary="layout" class="TOCbug" align="right" cellpadding="0" cellspacing="2"><tbody><tr><td class="TOCbug"><a href="#toc"> TOC </a></td></tr></tbody></table>
<a name="rfc.section.6"></a><h3>6.
Acknowledgements</h3>
<p>The OpenID Community would like to thank the following people for the
work they've done in the drafting and editing of this specification.
</p>
<p></p>
<blockquote class="text">
<p>Breno de Medeiros (breno@gmail.com), Google
</p>
<p>Chuck Mortimore (cmortimore@salesforce.com), Salesforce
</p>
<p>David Recordon (dr@fb.com) &lt;author&gt;, Facebook
</p>
<p>George Fletcher (george.fletcher@corp.aol.com), AOL
</p>
<p>John Bradley (jbradley@mac.com) &lt;author&gt;, Protiviti
Government Services
</p>
<p>Edmund Jay (ejay@mgi1.com), MGI1
</p>
<p>Michael B. Jones (mbj@microsoft.com), Microsoft
</p>
<p>Nat Sakimura (n-sakimura@nri.co.jp) &lt;author/editor&gt;, Nomura
Research Institute, Ltd.
</p>
<p>Paul Tarjan (pt@fb.com), Facebook
</p>
<p>Ryo Itou (ritou@yahoo-corp.jp), Yahoo! Japan
</p>
</blockquote>
<a name="rfc.references"></a><br><hr>
<table summary="layout" class="TOCbug" align="right" cellpadding="0" cellspacing="2"><tbody><tr><td class="TOCbug"><a href="#toc"> TOC </a></td></tr></tbody></table>
<a name="rfc.section.7"></a><h3>7.
References</h3>
<a name="rfc.references1"></a><br><hr>
<table summary="layout" class="TOCbug" align="right" cellpadding="0" cellspacing="2"><tbody><tr><td class="TOCbug"><a href="#toc"> TOC </a></td></tr></tbody></table>
<h3>7.1. Normative References</h3>
<table border="0" width="99%">
<tbody><tr><td class="author-text" valign="top"><a name="BEARER">[BEARER]</a></td>
<td class="author-text">Jones, M., Ed., Recordon, D., and D. Hardt, “<a href="http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-06">The OAuth 2.0 Protocol: Bearer Tokens</a>,” Jun 2011.</td></tr>
<tr><td class="author-text" valign="top"><a name="ISO3166-1">[ISO3166-1]</a></td>
<td class="author-text">International Organization for Standardization, “<a href="http://www.w3.org/WAI/ER/IG/ert/iso639.htm">ISO 3166-1:1997. Codes for the representation of
names of countries and their subdivisions -- Part 1: Country
codes</a>,” 1997.</td></tr>
<tr><td class="author-text" valign="top"><a name="ISO639-1">[ISO639-1]</a></td>
<td class="author-text">International Organization for Standardization, “ISO 639-1:2002. Codes for the representation of names
of languages -- Part 1: Alpha-2 code,” 2002.</td></tr>
<tr><td class="author-text" valign="top"><a name="JWT">[JWT]</a></td>
<td class="author-text">Jones, M., Balfanz, D., Bradley, J., Goland, Y., Panzer, J., Sakimura, N., and P. Tarjan, “<a href="http://self-issued.info/docs/draft-jones-json-web-token-04.html">JSON Web Token</a>,” March 2011.</td></tr>
<tr><td class="author-text" valign="top"><a name="OAuth2.0">[OAuth2.0]</a></td>
<td class="author-text">Hammer-Lahav, E., Ed., Recordon, D., and D. Hardt, “<a href="http://tools.ietf.org/html/draft-ietf-oauth-v2-16">OAuth 2.0 Authorization Protocol</a>,” May 2011.</td></tr>
<tr><td class="author-text" valign="top"><a name="OpenID.CC">[OpenID.CC]</a></td>
<td class="author-text">Recordon, D., Sakimura, N., Bradley, J., de Medeiros, B., Jones, M., and E. Jay, “<a href="http://openid.net/specs/openid-connect-core-1_0.html">OpenID Connect Core 1.0</a>,” June 2011.</td></tr>
<tr><td class="author-text" valign="top"><a name="RFC2119">[RFC2119]</a></td>
<td class="author-text"><a href="mailto:sob@harvard.edu">Bradner, S.</a>, “<a href="http://tools.ietf.org/html/rfc2119">Key words for use in RFCs to Indicate Requirement Levels</a>,” BCP 14, RFC 2119, March 1997 (<a href="http://www.rfc-editor.org/rfc/rfc2119.txt">TXT</a>, <a href="http://xml.resource.org/public/rfc/html/rfc2119.html">HTML</a>, <a href="http://xml.resource.org/public/rfc/xml/rfc2119.xml">XML</a>).</td></tr>
<tr><td class="author-text" valign="top"><a name="RFC3339">[RFC3339]</a></td>
<td class="author-text"><a href="mailto:GK@ACM.ORG">Klyne, G., Ed.</a> and <a href="mailto:chris.newman@sun.com">C. Newman</a>, “<a href="http://tools.ietf.org/html/rfc3339">Date and Time on the Internet: Timestamps</a>,” RFC 3339, July 2002 (<a href="http://www.rfc-editor.org/rfc/rfc3339.txt">TXT</a>, <a href="http://xml.resource.org/public/rfc/html/rfc3339.html">HTML</a>, <a href="http://xml.resource.org/public/rfc/xml/rfc3339.xml">XML</a>).</td></tr>
<tr><td class="author-text" valign="top"><a name="RFC3986">[RFC3986]</a></td>
<td class="author-text"><a href="mailto:timbl@w3.org">Berners-Lee, T.</a>, <a href="mailto:fielding@gbiv.com">Fielding, R.</a>, and <a href="mailto:LMM@acm.org">L. Masinter</a>, “<a href="http://tools.ietf.org/html/rfc3986">Uniform Resource Identifier (URI): Generic Syntax</a>,” STD 66, RFC 3986, January 2005 (<a href="http://www.rfc-editor.org/rfc/rfc3986.txt">TXT</a>, <a href="http://xml.resource.org/public/rfc/html/rfc3986.html">HTML</a>, <a href="http://xml.resource.org/public/rfc/xml/rfc3986.xml">XML</a>).</td></tr>
<tr><td class="author-text" valign="top"><a name="RFC4627">[RFC4627]</a></td>
<td class="author-text">Crockford, D., “<a href="http://tools.ietf.org/html/rfc4627">The application/json Media Type for JavaScript Object Notation (JSON)</a>,” RFC 4627, July 2006 (<a href="http://www.rfc-editor.org/rfc/rfc4627.txt">TXT</a>).</td></tr>
<tr><td class="author-text" valign="top"><a name="RFC5646">[RFC5646]</a></td>
<td class="author-text">Phillips, A. and M. Davis, “<a href="http://tools.ietf.org/html/rfc5646">Tags for Identifying Languages</a>,” BCP 47, RFC 5646, September 2009 (<a href="http://www.rfc-editor.org/rfc/rfc5646.txt">TXT</a>).</td></tr>
<tr><td class="author-text" valign="top"><a name="zoneinfo">[zoneinfo]</a></td>
<td class="author-text">Public Domain, “<a href="http://www.twinsun.com/tz/tz-link.htm">The tz database</a>,” June 2011.</td></tr>
</tbody></table>
<a name="rfc.references2"></a><br><hr>
<table summary="layout" class="TOCbug" align="right" cellpadding="0" cellspacing="2"><tbody><tr><td class="TOCbug"><a href="#toc"> TOC </a></td></tr></tbody></table>
<h3>7.2. Informative References</h3>
<table border="0" width="99%">
<tbody><tr><td class="author-text" valign="top"><a name="GraphAPI">[GraphAPI]</a></td>
<td class="author-text">Facebook, “<a href="http://developers.facebook.com/docs/reference/api/user/">Facebook Graph API - User</a>,” June 2011.</td></tr>
<tr><td class="author-text" valign="top"><a name="POCO">[POCO]</a></td>
<td class="author-text">Smarr, J., “<a href="http://portablecontacts.net/draft-spec.html">Portable Contacts 1.0 Draft C.</a>,” August 2008.</td></tr>
</tbody></table>
<a name="anchor10"></a><br><hr>
<table summary="layout" class="TOCbug" align="right" cellpadding="0" cellspacing="2"><tbody><tr><td class="TOCbug"><a href="#toc"> TOC </a></td></tr></tbody></table>
<a name="rfc.section.A"></a><h3>Appendix A.
Document History</h3>
<p>
[[ to be removed once the specification is approved ]]
</p>
<p>
-03
</p>
<ul class="text">
<li>
Added text describing the UserInfo endpoint as an OAuth2 protected
resource complying with the OAuth2.0 Bearer Token specification.
Also changed the response text to require the returned JSON object
to comply with the specified schema if the schema parameter is
"openid". Changed SHOULD to MUST. Added the OAuth2 Bearer Token
specification to the list of referenced specifications and corrected
the referenced URL in the OAuth2.0 target.
</li>
</ul><p>
</p>
<p>
-02
</p>
<ul class="text">
<li>
Converted from Portable Contacts identifiers using
camelCase to Facebook-style identifiers using
lowercase_separated_by_underscores. Also simplified a
number of the fields that used to be structures or arrays
so that they are now simple values. Where the same names
are used, they are intended to be compatible with their usage
as <a class="info" href="#GraphAPI">Facebook Graph API User<span> (</span><span class="info">Facebook, “Facebook Graph API - User,” June 2011.</span><span>)</span></a> [GraphAPI]
fields.
</li>
</ul><p>
</p>
<p>
-01
</p>
<ul class="text">
<li>
Minor changes to prepare for publication at
openid.net/specs/.
</li>
</ul><p>
</p>
<p>
-00
</p>
<ul class="text">
<li>
Initial draft incorporating consensus decisions reached at
the Internet Identity Workshop (IIW) in May, 2011. The
schema specified is based upon <a class="info" href="#POCO">Portable Contacts<span> (</span><span class="info">Smarr, J., “Portable Contacts 1.0 Draft C.,” August 2008.</span><span>)</span></a> [POCO].
</li>
</ul><p>
</p>
<a name="rfc.authors"></a><br><hr>
<table summary="layout" class="TOCbug" align="right" cellpadding="0" cellspacing="2"><tbody><tr><td class="TOCbug"><a href="#toc"> TOC </a></td></tr></tbody></table>
<h3>Authors' Addresses</h3>
<table border="0" cellpadding="0" cellspacing="0" width="99%">
<tbody><tr><td class="author-text"> </td>
<td class="author-text">Nat Sakimura (editor)</td></tr>
<tr><td class="author-text"> </td>
<td class="author-text">Nomura Research Institute,
Ltd.</td></tr>
<tr><td class="author" align="right">Email: </td>
<td class="author-text"><a href="mailto:n-sakimura@nri.co.jp">n-sakimura@nri.co.jp</a></td></tr>
<tr cellpadding="3"><td> </td><td> </td></tr>
<tr><td class="author-text"> </td>
<td class="author-text">John Bradley</td></tr>
<tr><td class="author-text"> </td>
<td class="author-text">Protiviti
Government Services</td></tr>
<tr><td class="author" align="right">Email: </td>
<td class="author-text"><a href="mailto:jbradley@mac.com">jbradley@mac.com</a></td></tr>
<tr cellpadding="3"><td> </td><td> </td></tr>
<tr><td class="author-text"> </td>
<td class="author-text">Michael B. Jones</td></tr>
<tr><td class="author-text"> </td>
<td class="author-text">Microsoft Corporation</td></tr>
<tr><td class="author" align="right">Email: </td>
<td class="author-text"><a href="mailto:mbj@microsoft.com">mbj@microsoft.com</a></td></tr>
<tr cellpadding="3"><td> </td><td> </td></tr>
<tr><td class="author-text"> </td>
<td class="author-text">Edmund Jay</td></tr>
<tr><td class="author-text"> </td>
<td class="author-text">MGI1</td></tr>
<tr><td class="author" align="right">Email: </td>
<td class="author-text"><a href="mailto:ejay@mgi1.com">ejay@mgi1.com</a></td></tr>
</tbody></table>
</body></html>