<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:273482944;
mso-list-type:hybrid;
mso-list-template-ids:-486388380 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">The working group wants to encourage implementers to make these changes as soon as possible so that testing can be performed on updated implementations before we publish the upcoming set of implementers drafts.
Also, if you can please send a note to the openid-connect-interop list when you’ve updated your test endpoints, that would be useful so others will know when they can begin testing the updated interfaces with your code.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Thanks from the working group,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> -- Mike<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> openid-connect-interop@googlegroups.com [mailto:openid-connect-interop@googlegroups.com]
<b>On Behalf Of </b>Mike Jones<br>
<b>Sent:</b> Tuesday, November 20, 2012 9:52 PM<br>
<b>To:</b> openid-connect-interop@googlegroups.com<br>
<b>Subject:</b> OpenID specs updated to track JWE changes<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">As most of you know, the format of encrypted JWE objects changed in
<a href="http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-06">draft-ietf-jose-json-web-encryption-06</a> last month. The primary changes were to eliminate the “int” (integrity) parameter and to create consolidated “A128CBC+HS256” and “A256CBC+HS512”
algorithms. As a result, I’ve updated the Open Connect specs to match. Also, to address
<a href="https://bitbucket.org/openid/connect/issue/614">issue #614</a> and <a href="https://bitbucket.org/openid/connect/issue/673">
issue #673</a>, the parameters used for requesting signed and encrypted objects were reworked to provide finer grained control and more naming consistency. Parameter changes were:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Parameters changed:<o:p></o:p></p>
<p class="MsoNormal"> userinfo_algs_supported -><o:p></o:p></p>
<p class="MsoNormal"> userinfo_signing_alg_values_supported<o:p></o:p></p>
<p class="MsoNormal"> userinfo_encryption_alg_values_supported<o:p></o:p></p>
<p class="MsoNormal"> userinfo_encryption_enc_values_supported<o:p></o:p></p>
<p class="MsoNormal"> id_token_algs_supported -><o:p></o:p></p>
<p class="MsoNormal"> id_token_signing_alg_values_supported<o:p></o:p></p>
<p class="MsoNormal"> id_token_encryption_alg_values_supported<o:p></o:p></p>
<p class="MsoNormal"> id_token_encryption_enc_values_supported<o:p></o:p></p>
<p class="MsoNormal"> request_object_algs_supported -><o:p></o:p></p>
<p class="MsoNormal"> request_object_signing_alg_values_supported<o:p></o:p></p>
<p class="MsoNormal"> request_object_encryption_alg_values_supported<o:p></o:p></p>
<p class="MsoNormal"> request_object_encryption_enc_values_supported<o:p></o:p></p>
<p class="MsoNormal"> token_endpoint_auth_algs_supported -><o:p></o:p></p>
<p class="MsoNormal"> token_endpoint_auth_signing_alg_values_supported<o:p></o:p></p>
<p class="MsoNormal"> require_signed_request_object -><o:p></o:p></p>
<p class="MsoNormal"> request_object_signing_alg<o:p></o:p></p>
<p class="MsoNormal">Parameters deleted:<o:p></o:p></p>
<p class="MsoNormal"> userinfo_encrypted_response_int<o:p></o:p></p>
<p class="MsoNormal"> id_token_encrypted_response_int<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">People should update their Connect code accordingly, as well as their JWE code.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">There were changes to all the Connect specifications. There are links to the new versions at
<a href="http://openid.bitbucket.org/">http://openid.bitbucket.org/</a>. Direct links are:<o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo2"><![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><a href="http://openid.bitbucket.org/openid-connect-basic-1_0.html">http://openid.bitbucket.org/openid-connect-basic-1_0.html</a><o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo2"><![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><a href="http://openid.bitbucket.org/openid-connect-implicit-1_0.html">http://openid.bitbucket.org/openid-connect-implicit-1_0.html</a><o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo2"><![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><a href="http://openid.bitbucket.org/openid-connect-messages-1_0.html">http://openid.bitbucket.org/openid-connect-messages-1_0.html</a><o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo2"><![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><a href="http://openid.bitbucket.org/openid-connect-standard-1_0.html">http://openid.bitbucket.org/openid-connect-standard-1_0.html</a><o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo2"><![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><a href="http://openid.bitbucket.org/openid-connect-discovery-1_0.html">http://openid.bitbucket.org/openid-connect-discovery-1_0.html</a><o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo2"><![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><a href="http://openid.bitbucket.org/openid-connect-registration-1_0.html">http://openid.bitbucket.org/openid-connect-registration-1_0.html</a><o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo2"><![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><a href="http://openid.bitbucket.org/openid-connect-session-1_0.html">http://openid.bitbucket.org/openid-connect-session-1_0.html</a><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Hopefully this will be the last major set of breaking changes. Please write if you have any questions.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"> -- Mike<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>