<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal">Thanks to much heavy lifting by Nat and John, we now have a first draft of the OpenID Connect Lite spec ready for you to review. The goal is that developers should be able to implement a minimal OpenID Connect implementation using only
the information contained in this specification. (They’ll also have to implement Discovery and Registration if they want to enable interactions between parties that are not pre-configured to know about one another.) Please give it a read!<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">OpenID Connect Lite: <a href="http://openid.net/specs/openid-connect-lite-1_0.html">
http://openid.net/specs/openid-connect-lite-1_0.html</a><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Major changes relative to the former HTTP Redirect Binding spec are:<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><span lang="EN" style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black">Removed the
</span><span lang="EN" style="font-size:12.0pt;font-family:"Courier New";color:#003366">code</span><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black"> flow. Only the
</span><span lang="EN" style="font-size:12.0pt;font-family:"Courier New";color:#003366">token</span><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black"> flow is REQUIRED in Lite.
<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><span lang="EN" style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black">Make requesting the
</span><span lang="EN" style="font-size:12.0pt;font-family:"Courier New";color:#003366">id_token</span><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black"> be REQUIRED. The
</span><span lang="EN" style="font-size:12.0pt;font-family:"Courier New";color:#003366">id_token</span><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black"> is treated as opaque.<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><span lang="EN" style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black">Make requesting the
</span><span lang="EN" style="font-size:12.0pt;font-family:"Courier New";color:#003366">token</span><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black"> OPTIONAL, depending upon whether an Access Token for the UserInfo endpoint
is needed or not.<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><span lang="EN" style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black">Dropped the
</span><span lang="EN" style="font-size:12.0pt;font-family:"Courier New";color:#003366">schema</span><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black"> parameter to the Introspection endpoint, which was formerly a string
with the value </span><span lang="EN" style="font-size:12.0pt;font-family:"Courier New";color:#003366">user_id</span><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black">. This is unnecessary since the
</span><span lang="EN" style="font-size:12.0pt;font-family:"Courier New";color:#003366">id_token</span><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black"> parameter already can be used to disambiguate the intended use(s)
of the endpoint.<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><span lang="EN" style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black">Dropped the requested audience from the Lite spec, which was formerly the identifier of the target audience of the response. This could be
part of the Standard spec, but is an advanced scenario, and so not appropriate for Lite.<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><span lang="EN" style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black">Reference the Discovery and Registration specs, since they're needed for interaction between non-pre-configured parties (so that OpenID Connect
installations can be Open).<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><span lang="EN" style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black">Rearranged sections for readability.<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">This replaces the parts of the former HTTP Redirect Binding spec that were mandatory to implement. To complete the refactoring, the Messages spec and Standard spec still need to be produced from parts of the current Core, Framework, and
HTTP Redirect Binding specs. All the specs under the old organization are still also live.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"> Thanks all,<o:p></o:p></p>
<p class="MsoNormal"> -- Mike<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>