<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
tt
{mso-style-priority:99;
font-family:"Courier New";
color:#003366;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:381097504;
mso-list-type:hybrid;
mso-list-template-ids:337963740 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l1
{mso-list-id:1051343328;
mso-list-template-ids:726810436;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2
{mso-list-id:1334186132;
mso-list-template-ids:1893772256;}
@list l2:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l2:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level4
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level5
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level7
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level8
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l3
{mso-list-id:2131625105;
mso-list-template-ids:-766447580;}
@list l3:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l3:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l3:level4
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l3:level5
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l3:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l3:level7
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l3:level8
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l3:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal">The AB/Connect working group has released an update to the OpenID Connect specifications that incorporates the decisions made at the
<a href="http://apr30-oidf-wg.eventbrite.com/">in-person working group meeting</a> at Yahoo! on April 30<sup>th</sup>, other than the self-issued changes, which we will be doing as a separate release. As discussed at the working group meeting, these changes
are mostly simplifications, many thanks to the issues that Torsten Lodderstedt filed. Implementers are encouraged to build and provide feedback on the new and modified features.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">The primary normative changes are as follows:<o:p></o:p></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="color:black;mso-list:l3 level1 lfo2"><span lang="EN" style="font-family:"Verdana","sans-serif"">Use "code" response_type instead of "token id_token" in Basic Client Profile, per issue #567<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l3 level1 lfo2"><span lang="EN" style="font-family:"Verdana","sans-serif"">Created a new Implicit Client Profile, also per issue #567<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l3 level1 lfo2"><span lang="EN" style="font-family:"Verdana","sans-serif"">Added scope value
</span><span lang="EN" style="font-family:"Courier New";color:#003366">claims_in_id_token</span><span lang="EN" style="font-family:"Verdana","sans-serif""> as a switch to indicate that the UserInfo claims should be returned in the ID Token, per issue #561<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l3 level1 lfo2"><span lang="EN" style="font-family:"Verdana","sans-serif"">Removed Check ID Endpoint, per issue #570<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l3 level1 lfo2"><span lang="EN" style="font-family:"Verdana","sans-serif"">Changed
</span><span lang="EN" style="font-family:"Courier New";color:#003366">verified</span><span lang="EN" style="font-family:"Verdana","sans-serif""> to
</span><span lang="EN" style="font-family:"Courier New";color:#003366">email_verified</span><span lang="EN" style="font-family:"Verdana","sans-serif"">, per issue #564<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l3 level1 lfo2"><span lang="EN" style="font-family:"Verdana","sans-serif"">Removed requirement for ID Token signature validation from Basic Profile, per issue #568<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l3 level1 lfo2"><span lang="EN" style="font-family:"Verdana","sans-serif"">Removed use of
</span><span lang="EN" style="font-family:"Courier New";color:#003366">nonce</span><span lang="EN" style="font-family:"Verdana","sans-serif""> from Basic Profile, per issue #569<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l3 level1 lfo2"><span lang="EN" style="font-family:"Verdana","sans-serif"">Removed
</span><span lang="EN" style="font-family:"Courier New";color:#003366">optional</span><span lang="EN" style="font-family:"Verdana","sans-serif""> claim request parameter and replaced it with
</span><span lang="EN" style="font-family:"Courier New";color:#003366">essential</span><span lang="EN" style="font-family:"Verdana","sans-serif""> claim request parameter, per issue #577. We changed terminology from "optional" to "voluntary" and "required"
to "essential" to better match privacy policy requirements.<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l3 level1 lfo2"><span lang="EN" style="font-family:"Verdana","sans-serif"">Added "id_token" response type as being MTI for OpenID Providers<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l3 level1 lfo2"><span lang="EN" style="font-family:"Verdana","sans-serif"">Specified that parameters present in both the OpenID Request Object and the OAuth 2.0 Authorization Request MUST exactly match, per
issue #575<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l3 level1 lfo2"><span lang="EN" style="font-family:"Verdana","sans-serif"">Changed OpenID Request Object from being specified as a JWT to being specified as a JWS signed base64url encoded JSON object, per issue
#592<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l3 level1 lfo2"><span lang="EN" style="font-family:"Verdana","sans-serif"">Changed default ID Token signing algorithm to RS256, per issue #571<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l3 level1 lfo2"><span lang="EN" style="font-family:"Verdana","sans-serif"">Changed default OpenID Request Object signing algorithm to RS256, per issue #571<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l3 level1 lfo2"><span lang="EN" style="font-family:"Verdana","sans-serif"">Made use of the nonce REQUIRED when using the implicit flow and OPTIONAL when using the code flow, per issue #569<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l3 level1 lfo2"><span lang="EN" style="font-family:"Verdana","sans-serif"">Added method of calculating signing and encryption keys for symmetric algorithms, per issue #578<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l3 level1 lfo2"><span lang="EN" style="font-family:"Verdana","sans-serif"">Made
</span><span lang="EN" style="font-family:"Courier New";color:#003366">rotate_secret</span><span lang="EN" style="font-family:"Verdana","sans-serif""> a separate registration request type and stop client secret changing with every response, per issue #363<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l3 level1 lfo2"><span lang="EN" style="font-family:"Verdana","sans-serif"">Added text for authz to the registration endpoint, per issue #587<o:p></o:p></span></li></ul>
<p class="MsoNormal"><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black"><o:p> </o:p></span></p>
<p class="MsoNormal">The Connect specs have also been updated to track updates to the OAuth and JOSE specs, including now using the standards-track version of JWT.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">The new versions are available from http://openid.net/connect/ or at:<o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><a href="http://openid.net/specs/openid-connect-basic-1_0-18.html">http://openid.net/specs/openid-connect-basic-1_0-18.html</a><o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><a href="http://openid.net/specs/openid-connect-implicit-1_0.html">http://openid.net/specs/openid-connect-implicit-1_0.html</a><o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><a href="http://openid.net/specs/openid-connect-discovery-1_0-09.html">http://openid.net/specs/openid-connect-discovery-1_0-09.html</a><o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><a href="http://openid.net/specs/openid-connect-registration-1_0-11.html">http://openid.net/specs/openid-connect-registration-1_0-11.html</a><o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><a href="http://openid.net/specs/openid-connect-messages-1_0-10.html">http://openid.net/specs/openid-connect-messages-1_0-10.html</a><o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><a href="http://openid.net/specs/openid-connect-standard-1_0-10.html">http://openid.net/specs/openid-connect-standard-1_0-10.html</a><o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><a href="http://openid.net/specs/openid-connect-session-1_0-07.html">http://openid.net/specs/openid-connect-session-1_0-07.html</a><o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><a href="http://openid.net/specs/oauth-v2-multiple-response-types-1_0-05.html">http://openid.net/specs/oauth-v2-multiple-response-types-1_0-05.html</a><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"> For the working group,<o:p></o:p></p>
<p class="MsoNormal"> -- Mike<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>