ÿþ<html xmlns:v="urn:schemas-microsoft-com:vml"
xmlns:o="urn:schemas-microsoft-com:office:office"
xmlns:w="urn:schemas-microsoft-com:office:word"
xmlns:m="http://schemas.microsoft.com/office/2004/12/omml"
xmlns="http://www.w3.org/TR/REC-html40">

<head>
<meta http-equiv=Content-Type content="text/html; charset=unicode">
<meta name=ProgId content=Word.Document>
<meta name=Generator content="Microsoft Word 14">
<meta name=Originator content="Microsoft Word 14">
<link rel=File-List href="openid-connect-migration-1_0-03_files/filelist.xml">
<link rel=Edit-Time-Data
href="openid-connect-migration-1_0-03_files/editdata.mso">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]-->
<title>OpenID 2.0 to OpenID Connect Migration 1.0 - draft 03</title>
<!--[if gte mso 9]><xml>
 <o:DocumentProperties>
  <o:Author>Mike Jones</o:Author>
  <o:LastAuthor>Mike Jones</o:LastAuthor>
  <o:Revision>3</o:Revision>
  <o:TotalTime>35</o:TotalTime>
  <o:Created>2014-08-09T00:09:00Z</o:Created>
  <o:LastSaved>2014-08-09T00:52:00Z</o:LastSaved>
  <o:Pages>8</o:Pages>
  <o:Words>4259</o:Words>
  <o:Characters>24279</o:Characters>
  <o:Company>Microsoft Corporation</o:Company>
  <o:Lines>202</o:Lines>
  <o:Paragraphs>56</o:Paragraphs>
  <o:CharactersWithSpaces>28482</o:CharactersWithSpaces>
  <o:Version>14.00</o:Version>
 </o:DocumentProperties>
 <o:OfficeDocumentSettings>
  <o:AllowPNG/>
 </o:OfficeDocumentSettings>
</xml><![endif]-->
<link rel=themeData href="openid-connect-migration-1_0-03_files/themedata.thmx">
<link rel=colorSchemeMapping
href="openid-connect-migration-1_0-03_files/colorschememapping.xml">
<!--[if gte mso 9]><xml>
 <w:WordDocument>
  <w:Zoom>110</w:Zoom>
  <w:SpellingState>Clean</w:SpellingState>
  <w:GrammarState>Clean</w:GrammarState>
  <w:TrackRevisions/>
  <w:TrackMoves>false</w:TrackMoves>
  <w:TrackFormatting/>
  <w:ValidateAgainstSchemas/>
  <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
  <w:IgnoreMixedContent>false</w:IgnoreMixedContent>
  <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
  <w:DoNotPromoteQF/>
  <w:LidThemeOther>EN-US</w:LidThemeOther>
  <w:LidThemeAsian>X-NONE</w:LidThemeAsian>
  <w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
  <w:Compatibility>
   <w:BreakWrappedTables/>
   <w:SplitPgBreakAndParaMark/>
  </w:Compatibility>
  <m:mathPr>
   <m:mathFont m:val="Cambria Math"/>
   <m:brkBin m:val="before"/>
   <m:brkBinSub m:val="&#45;-"/>
   <m:smallFrac m:val="off"/>
   <m:dispDef/>
   <m:lMargin m:val="0"/>
   <m:rMargin m:val="0"/>
   <m:defJc m:val="centerGroup"/>
   <m:wrapIndent m:val="1440"/>
   <m:intLim m:val="subSup"/>
   <m:naryLim m:val="undOvr"/>
  </m:mathPr></w:WordDocument>
</xml><![endif]--><!--[if gte mso 9]><xml>
 <w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
  DefSemiHidden="true" DefQFormat="false" DefPriority="99"
  LatentStyleCount="267">
  <w:LsdException Locked="false" Priority="0" SemiHidden="false"
   UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
  <w:LsdException Locked="false" Priority="9" SemiHidden="false"
   UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
  <w:LsdException Locked="false" Priority="9" SemiHidden="false"
   UnhideWhenUsed="false" QFormat="true" Name="heading 2"/>
  <w:LsdException Locked="false" Priority="9" SemiHidden="false"
   UnhideWhenUsed="false" QFormat="true" Name="heading 3"/>
  <w:LsdException Locked="false" Priority="9" SemiHidden="false"
   UnhideWhenUsed="false" QFormat="true" Name="heading 4"/>
  <w:LsdException Locked="false" Priority="9" SemiHidden="false"
   UnhideWhenUsed="false" QFormat="true" Name="heading 5"/>
  <w:LsdException Locked="false" Priority="9" SemiHidden="false"
   UnhideWhenUsed="false" QFormat="true" Name="heading 6"/>
  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
  <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
  <w:LsdException Locked="false" Priority="39" Name="toc 1"/>
  <w:LsdException Locked="false" Priority="39" Name="toc 2"/>
  <w:LsdException Locked="false" Priority="39" Name="toc 3"/>
  <w:LsdException Locked="false" Priority="39" Name="toc 4"/>
  <w:LsdException Locked="false" Priority="39" Name="toc 5"/>
  <w:LsdException Locked="false" Priority="39" Name="toc 6"/>
  <w:LsdException Locked="false" Priority="39" Name="toc 7"/>
  <w:LsdException Locked="false" Priority="39" Name="toc 8"/>
  <w:LsdException Locked="false" Priority="39" Name="toc 9"/>
  <w:LsdException Locked="false" Priority="35" QFormat="true" Name="caption"/>
  <w:LsdException Locked="false" Priority="10" SemiHidden="false"
   UnhideWhenUsed="false" QFormat="true" Name="Title"/>
  <w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
  <w:LsdException Locked="false" Priority="11" SemiHidden="false"
   UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
  <w:LsdException Locked="false" Priority="22" SemiHidden="false"
   UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
  <w:LsdException Locked="false" Priority="20" SemiHidden="false"
   UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
  <w:LsdException Locked="false" Priority="59" SemiHidden="false"
   UnhideWhenUsed="false" Name="Table Grid"/>
  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
  <w:LsdException Locked="false" Priority="1" SemiHidden="false"
   UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
   UnhideWhenUsed="false" Name="Light Shading"/>
  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
   UnhideWhenUsed="false" Name="Light List"/>
  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
   UnhideWhenUsed="false" Name="Light Grid"/>
  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Shading 1"/>
  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Shading 2"/>
  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium List 1"/>
  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium List 2"/>
  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Grid 1"/>
  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Grid 2"/>
  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Grid 3"/>
  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
   UnhideWhenUsed="false" Name="Dark List"/>
  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
   UnhideWhenUsed="false" Name="Colorful Shading"/>
  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
   UnhideWhenUsed="false" Name="Colorful List"/>
  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
   UnhideWhenUsed="false" Name="Colorful Grid"/>
  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
   UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
   UnhideWhenUsed="false" Name="Light List Accent 1"/>
  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
   UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
  <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
  <w:LsdException Locked="false" Priority="34" SemiHidden="false"
   UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
  <w:LsdException Locked="false" Priority="29" SemiHidden="false"
   UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
  <w:LsdException Locked="false" Priority="30" SemiHidden="false"
   UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
   UnhideWhenUsed="false" Name="Dark List Accent 1"/>
  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
   UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
   UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
   UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
   UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
   UnhideWhenUsed="false" Name="Light List Accent 2"/>
  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
   UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
   UnhideWhenUsed="false" Name="Dark List Accent 2"/>
  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
   UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
   UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
   UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
   UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
   UnhideWhenUsed="false" Name="Light List Accent 3"/>
  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
   UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
   UnhideWhenUsed="false" Name="Dark List Accent 3"/>
  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
   UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
   UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
   UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
   UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
   UnhideWhenUsed="false" Name="Light List Accent 4"/>
  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
   UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
   UnhideWhenUsed="false" Name="Dark List Accent 4"/>
  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
   UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
   UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
   UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
   UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
   UnhideWhenUsed="false" Name="Light List Accent 5"/>
  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
   UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
   UnhideWhenUsed="false" Name="Dark List Accent 5"/>
  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
   UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
   UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
   UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
   UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
   UnhideWhenUsed="false" Name="Light List Accent 6"/>
  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
   UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
   UnhideWhenUsed="false" Name="Dark List Accent 6"/>
  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
   UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
   UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
   UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
  <w:LsdException Locked="false" Priority="19" SemiHidden="false"
   UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
  <w:LsdException Locked="false" Priority="21" SemiHidden="false"
   UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
  <w:LsdException Locked="false" Priority="31" SemiHidden="false"
   UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
  <w:LsdException Locked="false" Priority="32" SemiHidden="false"
   UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
  <w:LsdException Locked="false" Priority="33" SemiHidden="false"
   UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
  <w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
  <w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
 </w:LatentStyles>
</xml><![endif]--><![if !supportAnnotations]>
<style id="dynCom" type="text/css"><!-- --></style>
<script language="JavaScript"><!--
function msoCommentShow(anchor_id, com_id)
{
       if(msoBrowserCheck()) 
              {
              c = document.all(com_id);
              a = document.all(anchor_id);
              if (null != c && null == c.length && null != a && null == a.length)
                     {
                     var cw = c.offsetWidth;
                     var ch = c.offsetHeight;
                     var aw = a.offsetWidth;
                     var ah = a.offsetHeight;
                     var x  = a.offsetLeft;
                     var y  = a.offsetTop;
                     var el = a;
                     while (el.tagName != "BODY") 
                            {
                            el = el.offsetParent;
                            x = x + el.offsetLeft;
                            y = y + el.offsetTop;
                            }
                     var bw = document.body.clientWidth;
                     var bh = document.body.clientHeight;
                     var bsl = document.body.scrollLeft;
                     var bst = document.body.scrollTop;
                     if (x + cw + ah / 2 > bw + bsl && x + aw - ah / 2 - cw >= bsl ) 
                            { c.style.left = x + aw - ah / 2 - cw; }
                     else 
                            { c.style.left = x + ah / 2; }
                     if (y + ch + ah / 2 > bh + bst && y + ah / 2 - ch >= bst ) 
                            { c.style.top = y + ah / 2 - ch; }
                     else 
                            { c.style.top = y + ah / 2; }
                     c.style.visibility = "visible";
}     }     }
function msoCommentHide(com_id) 
{
       if(msoBrowserCheck())
              {
              c = document.all(com_id);
              if (null != c && null == c.length)
              {
              c.style.visibility = "hidden";
              c.style.left = -1000;
              c.style.top = -1000;
              } } 
}
function msoBrowserCheck()
{
       ms = navigator.appVersion.indexOf("MSIE");
       vers = navigator.appVersion.substring(ms + 5, ms + 6);
       ie4 = (ms > 0) && (parseInt(vers) >= 4);
       return ie4;
}
if (msoBrowserCheck())
{
       document.styleSheets.dynCom.addRule(".msocomanchor","background: infobackground");
       document.styleSheets.dynCom.addRule(".msocomoff","display: none");
       document.styleSheets.dynCom.addRule(".msocomtxt","visibility: hidden");
       document.styleSheets.dynCom.addRule(".msocomtxt","position: absolute");
       document.styleSheets.dynCom.addRule(".msocomtxt","top: -1000");
       document.styleSheets.dynCom.addRule(".msocomtxt","left: -1000");
       document.styleSheets.dynCom.addRule(".msocomtxt","width: 33%");
       document.styleSheets.dynCom.addRule(".msocomtxt","background: infobackground");
       document.styleSheets.dynCom.addRule(".msocomtxt","color: infotext");
       document.styleSheets.dynCom.addRule(".msocomtxt","border-top: 1pt solid threedlightshadow");
       document.styleSheets.dynCom.addRule(".msocomtxt","border-right: 2pt solid threedshadow");
       document.styleSheets.dynCom.addRule(".msocomtxt","border-bottom: 2pt solid threedshadow");
       document.styleSheets.dynCom.addRule(".msocomtxt","border-left: 1pt solid threedlightshadow");
       document.styleSheets.dynCom.addRule(".msocomtxt","padding: 3pt 3pt 3pt 3pt");
       document.styleSheets.dynCom.addRule(".msocomtxt","z-index: 100");
}
// --></script>
<![endif]>
<style>
<!--a.INFO
       {position:relative;
       z-index:24;}
a.INFO:hover
       {z-index:25;}
a.INFO:hover span.INFO
       {left:-5em;
       position:absolute;
       top:2em;}

 /* Font Definitions */
 @font-face
       {font-family:Helvetica;
       panose-1:2 11 6 4 2 2 2 2 2 4;
       mso-font-charset:0;
       mso-generic-font-family:swiss;
       mso-font-pitch:variable;
       mso-font-signature:-536859905 -1073711037 9 0 511 0;}
@font-face
       {font-family:Helvetica;
       panose-1:2 11 6 4 2 2 2 2 2 4;
       mso-font-charset:0;
       mso-generic-font-family:swiss;
       mso-font-pitch:variable;
       mso-font-signature:-536859905 -1073711037 9 0 511 0;}
@font-face
       {font-family:Tahoma;
       panose-1:2 11 6 4 3 5 4 4 2 4;
       mso-font-charset:0;
       mso-generic-font-family:swiss;
       mso-font-pitch:variable;
       mso-font-signature:-520081665 -1073717157 41 0 66047 0;}
@font-face
       {font-family:Verdana;
       panose-1:2 11 6 4 3 5 4 4 2 4;
       mso-font-charset:0;
       mso-generic-font-family:swiss;
       mso-font-pitch:variable;
       mso-font-signature:-1593833729 1073750107 16 0 415 0;}
@font-face
       {font-family:Monaco;
       panose-1:0 0 0 0 0 0 0 0 0 0;
       mso-font-charset:0;
       mso-generic-font-family:modern;
       mso-font-format:other;
       mso-font-pitch:fixed;
       mso-font-signature:3 0 0 0 1 0;}
@font-face
       {font-family:Consolas;
       panose-1:2 11 6 9 2 2 4 3 2 4;
       mso-font-charset:0;
       mso-generic-font-family:roman;
       mso-font-format:other;
       mso-font-pitch:auto;
       mso-font-signature:0 0 0 0 0 0;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
       {mso-style-unhide:no;
       mso-style-qformat:yes;
       mso-style-parent:"";
       mso-margin-top-alt:auto;
       margin-right:0in;
       mso-margin-bottom-alt:auto;
       margin-left:0in;
       mso-pagination:widow-orphan;
       font-size:12.0pt;
       font-family:"Times New Roman","serif";
       mso-fareast-font-family:"Times New Roman";
       mso-fareast-theme-font:minor-fareast;
       mso-believe-normal-left:yes;}
h1
       {mso-style-priority:9;
       mso-style-unhide:no;
       mso-style-qformat:yes;
       mso-style-link:"Heading 1 Char";
       mso-margin-top-alt:auto;
       margin-right:0in;
       mso-margin-bottom-alt:auto;
       margin-left:0in;
       text-align:right;
       mso-pagination:widow-orphan;
       mso-outline-level:1;
       font-size:24.0pt;
       font-family:"Helvetica","sans-serif";
       mso-fareast-font-family:"Times New Roman";
       mso-fareast-theme-font:minor-fareast;
       color:#990000;
       font-weight:bold;}
h2
       {mso-style-priority:9;
       mso-style-unhide:no;
       mso-style-qformat:yes;
       mso-style-link:"Heading 2 Char";
       mso-margin-top-alt:auto;
       margin-right:0in;
       mso-margin-bottom-alt:auto;
       margin-left:0in;
       mso-pagination:widow-orphan;
       mso-outline-level:2;
       font-size:18.0pt;
       font-family:"Helvetica","sans-serif";
       mso-fareast-font-family:"Times New Roman";
       mso-fareast-theme-font:minor-fareast;
       font-weight:bold;}
h3
       {mso-style-priority:9;
       mso-style-unhide:no;
       mso-style-qformat:yes;
       mso-style-link:"Heading 3 Char";
       mso-margin-top-alt:auto;
       margin-right:0in;
       mso-margin-bottom-alt:auto;
       margin-left:0in;
       mso-pagination:widow-orphan;
       mso-outline-level:3;
       font-size:13.5pt;
       font-family:"Helvetica","sans-serif";
       mso-fareast-font-family:"Times New Roman";
       mso-fareast-theme-font:minor-fareast;
       color:#333333;
       font-weight:bold;}
h4
       {mso-style-priority:9;
       mso-style-unhide:no;
       mso-style-qformat:yes;
       mso-style-link:"Heading 4 Char";
       mso-margin-top-alt:auto;
       margin-right:0in;
       mso-margin-bottom-alt:auto;
       margin-left:0in;
       mso-pagination:widow-orphan;
       mso-outline-level:4;
       font-size:12.0pt;
       font-family:"Helvetica","sans-serif";
       mso-fareast-font-family:"Times New Roman";
       mso-fareast-theme-font:minor-fareast;
       font-weight:bold;}
h5
       {mso-style-priority:9;
       mso-style-unhide:no;
       mso-style-qformat:yes;
       mso-style-link:"Heading 5 Char";
       mso-margin-top-alt:auto;
       margin-right:0in;
       mso-margin-bottom-alt:auto;
       margin-left:0in;
       mso-pagination:widow-orphan;
       mso-outline-level:5;
       font-size:10.0pt;
       font-family:"Helvetica","sans-serif";
       mso-fareast-font-family:"Times New Roman";
       mso-fareast-theme-font:minor-fareast;
       font-weight:bold;}
h6
       {mso-style-priority:9;
       mso-style-unhide:no;
       mso-style-qformat:yes;
       mso-style-link:"Heading 6 Char";
       mso-margin-top-alt:auto;
       margin-right:0in;
       mso-margin-bottom-alt:auto;
       margin-left:0in;
       mso-pagination:widow-orphan;
       mso-outline-level:6;
       font-size:7.5pt;
       font-family:"Helvetica","sans-serif";
       mso-fareast-font-family:"Times New Roman";
       mso-fareast-theme-font:minor-fareast;
       font-weight:bold;}
p.MsoCommentText, li.MsoCommentText, div.MsoCommentText
       {mso-style-noshow:yes;
       mso-style-priority:99;
       mso-style-link:"Comment Text Char";
       mso-margin-top-alt:auto;
       margin-right:0in;
       mso-margin-bottom-alt:auto;
       margin-left:0in;
       mso-pagination:widow-orphan;
       font-size:10.0pt;
       font-family:"Times New Roman","serif";
       mso-fareast-font-family:"Times New Roman";
       mso-fareast-theme-font:minor-fareast;}
span.MsoCommentReference
       {mso-style-noshow:yes;
       mso-style-priority:99;
       mso-ansi-font-size:8.0pt;
       mso-bidi-font-size:8.0pt;}
a:link, span.MsoHyperlink
       {mso-style-noshow:yes;
       mso-style-priority:99;
       color:#990000;
       font-weight:bold;
       text-decoration:underline;
       text-underline:single;}
a:visited, span.MsoHyperlinkFollowed
       {mso-style-noshow:yes;
       mso-style-priority:99;
       color:#663333;
       font-weight:bold;
       text-decoration:underline;
       text-underline:single;}
p
       {mso-style-noshow:yes;
       mso-style-priority:99;
       mso-margin-top-alt:auto;
       margin-right:24.0pt;
       mso-margin-bottom-alt:auto;
       margin-left:24.0pt;
       mso-pagination:widow-orphan;
       font-size:12.0pt;
       font-family:"Times New Roman","serif";
       mso-fareast-font-family:"Times New Roman";
       mso-fareast-theme-font:minor-fareast;}
cite
       {mso-style-noshow:yes;
       mso-style-priority:99;
       font-weight:normal;
       font-style:normal;}
dfn
       {mso-style-noshow:yes;
       mso-style-priority:99;
       font-weight:bold;
       font-style:normal;}
pre
       {mso-style-noshow:yes;
       mso-style-priority:99;
       mso-style-link:"HTML Preformatted Char";
       margin:0in;
       margin-bottom:.0001pt;
       mso-pagination:widow-orphan;
       tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;
       background:#CCCCCC;
       font-size:12.0pt;
       font-family:"Courier New";
       mso-fareast-font-family:"Times New Roman";
       mso-fareast-theme-font:minor-fareast;
       color:black;}
tt
       {mso-style-noshow:yes;
       mso-style-priority:99;
       mso-ansi-font-size:12.0pt;
       mso-bidi-font-size:12.0pt;
       font-family:"Courier New";
       mso-ascii-font-family:"Courier New";
       mso-fareast-font-family:"Times New Roman";
       mso-fareast-theme-font:minor-fareast;
       mso-hansi-font-family:"Courier New";
       mso-bidi-font-family:"Courier New";
       color:#003366;}
p.MsoCommentSubject, li.MsoCommentSubject, div.MsoCommentSubject
       {mso-style-noshow:yes;
       mso-style-priority:99;
       mso-style-parent:"Comment Text";
       mso-style-link:"Comment Subject Char";
       mso-style-next:"Comment Text";
       mso-margin-top-alt:auto;
       margin-right:0in;
       mso-margin-bottom-alt:auto;
       margin-left:0in;
       mso-pagination:widow-orphan;
       font-size:10.0pt;
       font-family:"Times New Roman","serif";
       mso-fareast-font-family:"Times New Roman";
       mso-fareast-theme-font:minor-fareast;
       font-weight:bold;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
       {mso-style-noshow:yes;
       mso-style-priority:99;
       mso-style-link:"Balloon Text Char";
       mso-margin-top-alt:auto;
       margin-right:0in;
       mso-margin-bottom-alt:auto;
       margin-left:0in;
       mso-pagination:widow-orphan;
       font-size:8.0pt;
       font-family:"Tahoma","sans-serif";
       mso-fareast-font-family:"Times New Roman";
       mso-fareast-theme-font:minor-fareast;}
span.Heading1Char
       {mso-style-name:"Heading 1 Char";
       mso-style-priority:9;
       mso-style-unhide:no;
       mso-style-locked:yes;
       mso-style-link:"Heading 1";
       mso-ansi-font-size:14.0pt;
       mso-bidi-font-size:14.0pt;
       font-family:"Cambria","serif";
       mso-ascii-font-family:Cambria;
       mso-ascii-theme-font:major-latin;
       mso-fareast-font-family:"Times New Roman";
       mso-fareast-theme-font:major-fareast;
       mso-hansi-font-family:Cambria;
       mso-hansi-theme-font:major-latin;
       mso-bidi-font-family:"Times New Roman";
       mso-bidi-theme-font:major-bidi;
       color:#365F91;
       mso-themecolor:accent1;
       mso-themeshade:191;
       font-weight:bold;}
span.Heading2Char
       {mso-style-name:"Heading 2 Char";
       mso-style-noshow:yes;
       mso-style-priority:9;
       mso-style-unhide:no;
       mso-style-locked:yes;
       mso-style-link:"Heading 2";
       mso-ansi-font-size:13.0pt;
       mso-bidi-font-size:13.0pt;
       font-family:"Cambria","serif";
       mso-ascii-font-family:Cambria;
       mso-ascii-theme-font:major-latin;
       mso-fareast-font-family:"Times New Roman";
       mso-fareast-theme-font:major-fareast;
       mso-hansi-font-family:Cambria;
       mso-hansi-theme-font:major-latin;
       mso-bidi-font-family:"Times New Roman";
       mso-bidi-theme-font:major-bidi;
       color:#4F81BD;
       mso-themecolor:accent1;
       font-weight:bold;}
span.Heading3Char
       {mso-style-name:"Heading 3 Char";
       mso-style-noshow:yes;
       mso-style-priority:9;
       mso-style-unhide:no;
       mso-style-locked:yes;
       mso-style-link:"Heading 3";
       mso-ansi-font-size:12.0pt;
       mso-bidi-font-size:12.0pt;
       font-family:"Cambria","serif";
       mso-ascii-font-family:Cambria;
       mso-ascii-theme-font:major-latin;
       mso-fareast-font-family:"Times New Roman";
       mso-fareast-theme-font:major-fareast;
       mso-hansi-font-family:Cambria;
       mso-hansi-theme-font:major-latin;
       mso-bidi-font-family:"Times New Roman";
       mso-bidi-theme-font:major-bidi;
       color:#4F81BD;
       mso-themecolor:accent1;
       font-weight:bold;}
span.Heading4Char
       {mso-style-name:"Heading 4 Char";
       mso-style-noshow:yes;
       mso-style-priority:9;
       mso-style-unhide:no;
       mso-style-locked:yes;
       mso-style-link:"Heading 4";
       mso-ansi-font-size:12.0pt;
       mso-bidi-font-size:12.0pt;
       font-family:"Cambria","serif";
       mso-ascii-font-family:Cambria;
       mso-ascii-theme-font:major-latin;
       mso-fareast-font-family:"Times New Roman";
       mso-fareast-theme-font:major-fareast;
       mso-hansi-font-family:Cambria;
       mso-hansi-theme-font:major-latin;
       mso-bidi-font-family:"Times New Roman";
       mso-bidi-theme-font:major-bidi;
       color:#4F81BD;
       mso-themecolor:accent1;
       font-weight:bold;
       font-style:italic;}
span.Heading5Char
       {mso-style-name:"Heading 5 Char";
       mso-style-noshow:yes;
       mso-style-priority:9;
       mso-style-unhide:no;
       mso-style-locked:yes;
       mso-style-link:"Heading 5";
       mso-ansi-font-size:12.0pt;
       mso-bidi-font-size:12.0pt;
       font-family:"Cambria","serif";
       mso-ascii-font-family:Cambria;
       mso-ascii-theme-font:major-latin;
       mso-fareast-font-family:"Times New Roman";
       mso-fareast-theme-font:major-fareast;
       mso-hansi-font-family:Cambria;
       mso-hansi-theme-font:major-latin;
       mso-bidi-font-family:"Times New Roman";
       mso-bidi-theme-font:major-bidi;
       color:#243F60;
       mso-themecolor:accent1;
       mso-themeshade:127;}
span.Heading6Char
       {mso-style-name:"Heading 6 Char";
       mso-style-noshow:yes;
       mso-style-priority:9;
       mso-style-unhide:no;
       mso-style-locked:yes;
       mso-style-link:"Heading 6";
       mso-ansi-font-size:12.0pt;
       mso-bidi-font-size:12.0pt;
       font-family:"Cambria","serif";
       mso-ascii-font-family:Cambria;
       mso-ascii-theme-font:major-latin;
       mso-fareast-font-family:"Times New Roman";
       mso-fareast-theme-font:major-fareast;
       mso-hansi-font-family:Cambria;
       mso-hansi-theme-font:major-latin;
       mso-bidi-font-family:"Times New Roman";
       mso-bidi-theme-font:major-bidi;
       color:#243F60;
       mso-themecolor:accent1;
       mso-themeshade:127;
       font-style:italic;}
span.HTMLPreformattedChar
       {mso-style-name:"HTML Preformatted Char";
       mso-style-noshow:yes;
       mso-style-priority:99;
       mso-style-unhide:no;
       mso-style-locked:yes;
       mso-style-link:"HTML Preformatted";
       font-family:"Consolas","serif";
       mso-ascii-font-family:Consolas;
       mso-fareast-font-family:"Times New Roman";
       mso-fareast-theme-font:minor-fareast;
       mso-hansi-font-family:Consolas;}
p.copyright, li.copyright, div.copyright
       {mso-style-name:copyright;
       mso-style-unhide:no;
       mso-margin-top-alt:auto;
       margin-right:24.0pt;
       mso-margin-bottom-alt:auto;
       margin-left:24.0pt;
       mso-pagination:widow-orphan;
       font-size:10.0pt;
       font-family:"Times New Roman","serif";
       mso-fareast-font-family:"Times New Roman";
       mso-fareast-theme-font:minor-fareast;}
p.toc, li.toc, div.toc
       {mso-style-name:toc;
       mso-style-unhide:no;
       mso-margin-top-alt:auto;
       margin-right:24.0pt;
       mso-margin-bottom-alt:auto;
       margin-left:.5in;
       mso-pagination:widow-orphan;
       font-size:12.0pt;
       font-family:"Times New Roman","serif";
       mso-fareast-font-family:"Times New Roman";
       mso-fareast-theme-font:minor-fareast;
       font-weight:bold;}
p.key, li.key, div.key
       {mso-style-name:key;
       mso-style-unhide:no;
       mso-margin-top-alt:auto;
       margin-right:24.0pt;
       mso-margin-bottom-alt:auto;
       margin-left:24.0pt;
       mso-pagination:widow-orphan;
       font-size:12.0pt;
       font-family:"Times New Roman","serif";
       mso-fareast-font-family:"Times New Roman";
       mso-fareast-theme-font:minor-fareast;}
p.id, li.id, div.id
       {mso-style-name:id;
       mso-style-unhide:no;
       mso-margin-top-alt:auto;
       margin-right:24.0pt;
       mso-margin-bottom-alt:auto;
       margin-left:24.0pt;
       mso-pagination:widow-orphan;
       font-size:12.0pt;
       font-family:"Times New Roman","serif";
       mso-fareast-font-family:"Times New Roman";
       mso-fareast-theme-font:minor-fareast;}
p.str, li.str, div.str
       {mso-style-name:str;
       mso-style-unhide:no;
       mso-margin-top-alt:auto;
       margin-right:24.0pt;
       mso-margin-bottom-alt:auto;
       margin-left:24.0pt;
       mso-pagination:widow-orphan;
       font-size:12.0pt;
       font-family:"Times New Roman","serif";
       mso-fareast-font-family:"Times New Roman";
       mso-fareast-theme-font:minor-fareast;}
p.val, li.val, div.val
       {mso-style-name:val;
       mso-style-unhide:no;
       mso-margin-top-alt:auto;
       margin-right:24.0pt;
       mso-margin-bottom-alt:auto;
       margin-left:24.0pt;
       mso-pagination:widow-orphan;
       font-size:12.0pt;
       font-family:"Times New Roman","serif";
       mso-fareast-font-family:"Times New Roman";
       mso-fareast-theme-font:minor-fareast;}
p.rep, li.rep, div.rep
       {mso-style-name:rep;
       mso-style-unhide:no;
       mso-margin-top-alt:auto;
       margin-right:24.0pt;
       mso-margin-bottom-alt:auto;
       margin-left:24.0pt;
       mso-pagination:widow-orphan;
       font-size:12.0pt;
       font-family:"Times New Roman","serif";
       mso-fareast-font-family:"Times New Roman";
       mso-fareast-theme-font:minor-fareast;}
p.oth, li.oth, div.oth
       {mso-style-name:oth;
       mso-style-unhide:no;
       mso-margin-top-alt:auto;
       margin-right:24.0pt;
       mso-margin-bottom-alt:auto;
       margin-left:24.0pt;
       mso-pagination:widow-orphan;
       font-size:12.0pt;
       font-family:"Times New Roman","serif";
       mso-fareast-font-family:"Times New Roman";
       mso-fareast-theme-font:minor-fareast;}
p.err, li.err, div.err
       {mso-style-name:err;
       mso-style-unhide:no;
       mso-margin-top-alt:auto;
       margin-right:24.0pt;
       mso-margin-bottom-alt:auto;
       margin-left:24.0pt;
       mso-pagination:widow-orphan;
       font-size:12.0pt;
       font-family:"Times New Roman","serif";
       mso-fareast-font-family:"Times New Roman";
       mso-fareast-theme-font:minor-fareast;}
span.rfc1
       {mso-style-name:rfc1;
       mso-style-unhide:no;
       font-family:Monaco;
       mso-ascii-font-family:Monaco;
       mso-hansi-font-family:Monaco;
       color:#666666;
       font-weight:bold;}
span.hottext1
       {mso-style-name:hottext1;
       mso-style-unhide:no;
       font-family:Monaco;
       mso-ascii-font-family:Monaco;
       mso-hansi-font-family:Monaco;
       color:white;
       font-weight:normal;}
span.info1
       {mso-style-name:info1;
       mso-style-unhide:no;
       mso-ansi-font-size:10.0pt;
       mso-bidi-font-size:10.0pt;
       color:#990000;
       mso-hide:none;
       border:solid #333333 1.0pt;
       mso-border-alt:solid #333333 .75pt;
       padding:2.0pt;
       background:#EEEEEE;}
p.key1, li.key1, div.key1
       {mso-style-name:key1;
       mso-style-unhide:no;
       mso-margin-top-alt:auto;
       margin-right:24.0pt;
       mso-margin-bottom-alt:auto;
       margin-left:24.0pt;
       mso-pagination:widow-orphan;
       font-size:12.0pt;
       font-family:"Times New Roman","serif";
       mso-fareast-font-family:"Times New Roman";
       mso-fareast-theme-font:minor-fareast;
       color:#3333CC;
       font-weight:bold;}
p.id1, li.id1, div.id1
       {mso-style-name:id1;
       mso-style-unhide:no;
       mso-margin-top-alt:auto;
       margin-right:24.0pt;
       mso-margin-bottom-alt:auto;
       margin-left:24.0pt;
       mso-pagination:widow-orphan;
       font-size:12.0pt;
       font-family:"Times New Roman","serif";
       mso-fareast-font-family:"Times New Roman";
       mso-fareast-theme-font:minor-fareast;
       color:#990000;}
p.str1, li.str1, div.str1
       {mso-style-name:str1;
       mso-style-unhide:no;
       mso-margin-top-alt:auto;
       margin-right:24.0pt;
       mso-margin-bottom-alt:auto;
       margin-left:24.0pt;
       mso-pagination:widow-orphan;
       background:#CCFFFF;
       font-size:12.0pt;
       font-family:"Times New Roman","serif";
       mso-fareast-font-family:"Times New Roman";
       mso-fareast-theme-font:minor-fareast;
       color:black;}
p.val1, li.val1, div.val1
       {mso-style-name:val1;
       mso-style-unhide:no;
       mso-margin-top-alt:auto;
       margin-right:24.0pt;
       mso-margin-bottom-alt:auto;
       margin-left:24.0pt;
       mso-pagination:widow-orphan;
       font-size:12.0pt;
       font-family:"Times New Roman","serif";
       mso-fareast-font-family:"Times New Roman";
       mso-fareast-theme-font:minor-fareast;
       color:#006666;}
p.rep1, li.rep1, div.rep1
       {mso-style-name:rep1;
       mso-style-unhide:no;
       mso-margin-top-alt:auto;
       margin-right:24.0pt;
       mso-margin-bottom-alt:auto;
       margin-left:24.0pt;
       mso-pagination:widow-orphan;
       font-size:12.0pt;
       font-family:"Times New Roman","serif";
       mso-fareast-font-family:"Times New Roman";
       mso-fareast-theme-font:minor-fareast;
       color:#990099;}
p.oth1, li.oth1, div.oth1
       {mso-style-name:oth1;
       mso-style-unhide:no;
       mso-margin-top-alt:auto;
       margin-right:24.0pt;
       mso-margin-bottom-alt:auto;
       margin-left:24.0pt;
       mso-pagination:widow-orphan;
       background:#FFCCFF;
       font-size:12.0pt;
       font-family:"Times New Roman","serif";
       mso-fareast-font-family:"Times New Roman";
       mso-fareast-theme-font:minor-fareast;
       color:black;}
p.err1, li.err1, div.err1
       {mso-style-name:err1;
       mso-style-unhide:no;
       mso-margin-top-alt:auto;
       margin-right:24.0pt;
       mso-margin-bottom-alt:auto;
       margin-left:24.0pt;
       mso-pagination:widow-orphan;
       background:#FFCCCC;
       font-size:12.0pt;
       font-family:"Times New Roman","serif";
       mso-fareast-font-family:"Times New Roman";
       mso-fareast-theme-font:minor-fareast;}
span.rfc2
       {mso-style-name:rfc2;
       mso-style-unhide:no;
       font-family:Monaco;
       mso-ascii-font-family:Monaco;
       mso-hansi-font-family:Monaco;
       color:#666666;
       font-weight:bold;}
span.hottext2
       {mso-style-name:hottext2;
       mso-style-unhide:no;
       font-family:Monaco;
       mso-ascii-font-family:Monaco;
       mso-hansi-font-family:Monaco;
       color:white;
       font-weight:normal;}
span.info2
       {mso-style-name:info2;
       mso-style-unhide:no;
       mso-ansi-font-size:10.0pt;
       mso-bidi-font-size:10.0pt;
       color:#990000;
       mso-hide:none;
       border:solid #333333 1.0pt;
       mso-border-alt:solid #333333 .75pt;
       padding:2.0pt;
       background:#EEEEEE;}
p.key2, li.key2, div.key2
       {mso-style-name:key2;
       mso-style-unhide:no;
       mso-margin-top-alt:auto;
       margin-right:24.0pt;
       mso-margin-bottom-alt:auto;
       margin-left:24.0pt;
       mso-pagination:widow-orphan;
       font-size:12.0pt;
       font-family:"Times New Roman","serif";
       mso-fareast-font-family:"Times New Roman";
       mso-fareast-theme-font:minor-fareast;
       color:#3333CC;
       font-weight:bold;}
p.id2, li.id2, div.id2
       {mso-style-name:id2;
       mso-style-unhide:no;
       mso-margin-top-alt:auto;
       margin-right:24.0pt;
       mso-margin-bottom-alt:auto;
       margin-left:24.0pt;
       mso-pagination:widow-orphan;
       font-size:12.0pt;
       font-family:"Times New Roman","serif";
       mso-fareast-font-family:"Times New Roman";
       mso-fareast-theme-font:minor-fareast;
       color:#990000;}
p.str2, li.str2, div.str2
       {mso-style-name:str2;
       mso-style-unhide:no;
       mso-margin-top-alt:auto;
       margin-right:24.0pt;
       mso-margin-bottom-alt:auto;
       margin-left:24.0pt;
       mso-pagination:widow-orphan;
       background:#CCFFFF;
       font-size:12.0pt;
       font-family:"Times New Roman","serif";
       mso-fareast-font-family:"Times New Roman";
       mso-fareast-theme-font:minor-fareast;
       color:black;}
p.val2, li.val2, div.val2
       {mso-style-name:val2;
       mso-style-unhide:no;
       mso-margin-top-alt:auto;
       margin-right:24.0pt;
       mso-margin-bottom-alt:auto;
       margin-left:24.0pt;
       mso-pagination:widow-orphan;
       font-size:12.0pt;
       font-family:"Times New Roman","serif";
       mso-fareast-font-family:"Times New Roman";
       mso-fareast-theme-font:minor-fareast;
       color:#006666;}
p.rep2, li.rep2, div.rep2
       {mso-style-name:rep2;
       mso-style-unhide:no;
       mso-margin-top-alt:auto;
       margin-right:24.0pt;
       mso-margin-bottom-alt:auto;
       margin-left:24.0pt;
       mso-pagination:widow-orphan;
       font-size:12.0pt;
       font-family:"Times New Roman","serif";
       mso-fareast-font-family:"Times New Roman";
       mso-fareast-theme-font:minor-fareast;
       color:#990099;}
p.oth2, li.oth2, div.oth2
       {mso-style-name:oth2;
       mso-style-unhide:no;
       mso-margin-top-alt:auto;
       margin-right:24.0pt;
       mso-margin-bottom-alt:auto;
       margin-left:24.0pt;
       mso-pagination:widow-orphan;
       background:#FFCCFF;
       font-size:12.0pt;
       font-family:"Times New Roman","serif";
       mso-fareast-font-family:"Times New Roman";
       mso-fareast-theme-font:minor-fareast;
       color:black;}
p.err2, li.err2, div.err2
       {mso-style-name:err2;
       mso-style-unhide:no;
       mso-margin-top-alt:auto;
       margin-right:24.0pt;
       mso-margin-bottom-alt:auto;
       margin-left:24.0pt;
       mso-pagination:widow-orphan;
       background:#FFCCCC;
       font-size:12.0pt;
       font-family:"Times New Roman","serif";
       mso-fareast-font-family:"Times New Roman";
       mso-fareast-theme-font:minor-fareast;}
span.CommentTextChar
       {mso-style-name:"Comment Text Char";
       mso-style-noshow:yes;
       mso-style-priority:99;
       mso-style-unhide:no;
       mso-style-locked:yes;
       mso-style-link:"Comment Text";
       font-family:"Times New Roman","serif";
       mso-fareast-font-family:"Times New Roman";
       mso-fareast-theme-font:minor-fareast;}
span.CommentSubjectChar
       {mso-style-name:"Comment Subject Char";
       mso-style-noshow:yes;
       mso-style-priority:99;
       mso-style-unhide:no;
       mso-style-locked:yes;
       mso-style-parent:"Comment Text Char";
       mso-style-link:"Comment Subject";
       font-family:"Times New Roman","serif";
       mso-fareast-font-family:"Times New Roman";
       mso-fareast-theme-font:minor-fareast;
       font-weight:bold;}
span.BalloonTextChar
       {mso-style-name:"Balloon Text Char";
       mso-style-noshow:yes;
       mso-style-priority:99;
       mso-style-unhide:no;
       mso-style-locked:yes;
       mso-style-link:"Balloon Text";
       mso-ansi-font-size:8.0pt;
       mso-bidi-font-size:8.0pt;
       font-family:"Tahoma","sans-serif";
       mso-ascii-font-family:Tahoma;
       mso-fareast-font-family:"Times New Roman";
       mso-fareast-theme-font:minor-fareast;
       mso-hansi-font-family:Tahoma;
       mso-bidi-font-family:Tahoma;}
span.msoIns
       {mso-style-type:export-only;
       mso-style-name:"";
       text-decoration:underline;
       text-underline:single;
       color:teal;}
span.msoDel
       {mso-style-type:export-only;
       mso-style-name:"";
       text-decoration:line-through;
       color:red;}
span.GramE
       {mso-style-name:"";
       mso-gram-e:yes;}
.MsoChpDefault
       {mso-style-type:export-only;
       mso-default-props:yes;
       font-size:10.0pt;
       mso-ansi-font-size:10.0pt;
       mso-bidi-font-size:10.0pt;}
@page WordSection1
       {size:8.5in 11.0in;
       margin:1.0in 1.0in 1.0in 1.0in;
       mso-header-margin:.5in;
       mso-footer-margin:.5in;
       mso-paper-source:0;}
div.WordSection1
       {page:WordSection1;}
 /* List Definitions */
 @list l0
       {mso-list-id:568001262;
       mso-list-template-ids:737596674;}
-->
</style>
<!--[if gte mso 10]>
<style>
 /* Style Definitions */
 table.MsoNormalTable
       {mso-style-name:"Table Normal";
       mso-tstyle-rowband-size:0;
       mso-tstyle-colband-size:0;
       mso-style-noshow:yes;
       mso-style-priority:99;
       mso-style-parent:"";
       mso-padding-alt:0in 5.4pt 0in 5.4pt;
       mso-para-margin:0in;
       mso-para-margin-bottom:.0001pt;
       mso-pagination:widow-orphan;
       font-size:10.0pt;
       font-family:"Times New Roman","serif";}
</style>
<![endif]--><![if mso 9]>
<style>
p.MsoNormal
       {margin-left:24.0pt;}
</style>
<![endif]>
<meta name=description
content="OpenID 2.0 to&#10;    OpenID Connect Migration 1.0 - draft 03">
<!--[if gte mso 9]><xml>
 <o:shapedefaults v:ext="edit" spidmax="1026"/>
</xml><![endif]--><!--[if gte mso 9]><xml>
 <o:shapelayout v:ext="edit">
  <o:idmap v:ext="edit" data="1"/>
 </o:shapelayout></xml><![endif]-->
</head>

<body bgcolor=white lang=EN-US link="#990000" vlink="#663333" style='tab-interval:
.5in;margin-left:24.0pt;margin-top:24.0pt;margin-right:24.0pt;margin-bottom:
24.0pt'>

<div class=WordSection1>

<table class=MsoNormalTable border=0 cellpadding=0 summary=layout align=right
 width=30 style='width:22.5pt;mso-cellspacing:1.5pt;mso-yfti-tbllook:1184;
 mso-table-lspace:2.25pt;mso-table-rspace:2.25pt;mso-table-anchor-vertical:
 paragraph;mso-table-anchor-horizontal:column;mso-table-left:right;mso-table-top:
 middle;mso-padding-alt:0in 0in 0in 0in'>
 <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes;mso-yfti-lastrow:yes;
  height:11.25pt'>
  <td width=30 style='width:22.5pt;background:#990000;padding:0in 0in 0in 0in;
  height:11.25pt'>
  <p class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
  text-align:center;mso-line-height-alt:11.25pt;mso-element:frame;mso-element-frame-hspace:
  2.25pt;mso-element-wrap:around;mso-element-anchor-vertical:paragraph;
  mso-element-anchor-horizontal:column;mso-element-left:right;mso-element-top:
  middle;mso-height-rule:exactly'><span style='font-family:"Verdana","sans-serif";
  mso-fareast-font-family:"Times New Roman";color:white'><a href="#toc"><b><span
  style='font-size:10.0pt;font-family:Monaco;color:white;text-decoration:none;
  text-underline:none'>&nbsp;TOC&nbsp;</span></b></a><o:p></o:p></span></p>
  </td>
 </tr>
</table>

<table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0
 summary=layout width="66%" style='width:66.0%;mso-cellspacing:0in;mso-yfti-tbllook:
 1184;mso-padding-alt:0in 0in 0in 0in'>
 <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes;mso-yfti-lastrow:yes'>
  <td style='padding:0in 0in 0in 0in'>
  <table class=MsoNormalTable border=0 cellspacing=1 cellpadding=0
   summary=layout width="100%" style='width:100.0%;mso-cellspacing:.7pt;
   mso-yfti-tbllook:1184;mso-padding-alt:1.5pt 1.5pt 1.5pt 1.5pt'>
   <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes'>
    <td width="33%" valign=top style='width:33.0%;background:#666666;
    padding:1.5pt 1.5pt 1.5pt 1.5pt'>
    <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
    style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-fareast-font-family:
    "Times New Roman";color:white'>OpenID Connect Working Group<o:p></o:p></span></p>
    </td>
    <td width="33%" valign=top style='width:33.0%;background:#666666;
    padding:1.5pt 1.5pt 1.5pt 1.5pt'>
    <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
    style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-fareast-font-family:
    "Times New Roman";color:white'>N. Sakimura<o:p></o:p></span></p>
    </td>
   </tr>
   <tr style='mso-yfti-irow:1'>
    <td width="33%" valign=top style='width:33.0%;background:#666666;
    padding:1.5pt 1.5pt 1.5pt 1.5pt'>
    <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
    style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-fareast-font-family:
    "Times New Roman";color:white'>OIDF-Draft<o:p></o:p></span></p>
    </td>
    <td width="33%" valign=top style='width:33.0%;background:#666666;
    padding:1.5pt 1.5pt 1.5pt 1.5pt'>
    <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
    style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-fareast-font-family:
    "Times New Roman";color:white'>NRI<o:p></o:p></span></p>
    </td>
   </tr>
   <tr style='mso-yfti-irow:2'>
    <td width="33%" valign=top style='width:33.0%;background:#666666;
    padding:1.5pt 1.5pt 1.5pt 1.5pt'>
    <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
    style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-fareast-font-family:
    "Times New Roman";color:white'>Intended status: Standards Track<o:p></o:p></span></p>
    </td>
    <td width="33%" valign=top style='width:33.0%;background:#666666;
    padding:1.5pt 1.5pt 1.5pt 1.5pt'>
    <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
    style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-fareast-font-family:
    "Times New Roman";color:white'>J. Bradley<o:p></o:p></span></p>
    </td>
   </tr>
   <tr style='mso-yfti-irow:3'>
    <td width="33%" valign=top style='width:33.0%;background:#666666;
    padding:1.5pt 1.5pt 1.5pt 1.5pt'>
    <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
    style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-fareast-font-family:
    "Times New Roman";color:white'>Expires: February 9, 2015<o:p></o:p></span></p>
    </td>
    <td width="33%" valign=top style='width:33.0%;background:#666666;
    padding:1.5pt 1.5pt 1.5pt 1.5pt'>
    <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
    style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-fareast-font-family:
    "Times New Roman";color:white'>Ping Identity<o:p></o:p></span></p>
    </td>
   </tr>
   <tr style='mso-yfti-irow:4'>
    <td width="33%" valign=top style='width:33.0%;background:#666666;
    padding:1.5pt 1.5pt 1.5pt 1.5pt'>
    <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
    style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-fareast-font-family:
    "Times New Roman";color:white'>&nbsp;<o:p></o:p></span></p>
    </td>
    <td width="33%" valign=top style='width:33.0%;background:#666666;
    padding:1.5pt 1.5pt 1.5pt 1.5pt'>
    <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
    style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-fareast-font-family:
    "Times New Roman";color:white'>N. Agarwal<o:p></o:p></span></p>
    </td>
   </tr>
   <tr style='mso-yfti-irow:5'>
    <td width="33%" valign=top style='width:33.0%;background:#666666;
    padding:1.5pt 1.5pt 1.5pt 1.5pt'>
    <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
    style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-fareast-font-family:
    "Times New Roman";color:white'>&nbsp;<o:p></o:p></span></p>
    </td>
    <td width="33%" valign=top style='width:33.0%;background:#666666;
    padding:1.5pt 1.5pt 1.5pt 1.5pt'>
    <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
    style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-fareast-font-family:
    "Times New Roman";color:white'>Google<o:p></o:p></span></p>
    </td>
   </tr>
   <tr style='mso-yfti-irow:6'>
    <td width="33%" valign=top style='width:33.0%;background:#666666;
    padding:1.5pt 1.5pt 1.5pt 1.5pt'>
    <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
    style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-fareast-font-family:
    "Times New Roman";color:white'>&nbsp;<o:p></o:p></span></p>
    </td>
    <td width="33%" valign=top style='width:33.0%;background:#666666;
    padding:1.5pt 1.5pt 1.5pt 1.5pt'>
    <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
    style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-fareast-font-family:
    "Times New Roman";color:white'>E. Jay<o:p></o:p></span></p>
    </td>
   </tr>
   <tr style='mso-yfti-irow:7'>
    <td width="33%" valign=top style='width:33.0%;background:#666666;
    padding:1.5pt 1.5pt 1.5pt 1.5pt'>
    <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
    style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-fareast-font-family:
    "Times New Roman";color:white'>&nbsp;<o:p></o:p></span></p>
    </td>
    <td width="33%" valign=top style='width:33.0%;background:#666666;
    padding:1.5pt 1.5pt 1.5pt 1.5pt'>
    <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
    style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-fareast-font-family:
    "Times New Roman";color:white'>Illumila<o:p></o:p></span></p>
    </td>
   </tr>
   <tr style='mso-yfti-irow:8;mso-yfti-lastrow:yes'>
    <td width="33%" valign=top style='width:33.0%;background:#666666;
    padding:1.5pt 1.5pt 1.5pt 1.5pt'>
    <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
    style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-fareast-font-family:
    "Times New Roman";color:white'>&nbsp;<o:p></o:p></span></p>
    </td>
    <td width="33%" valign=top style='width:33.0%;background:#666666;
    padding:1.5pt 1.5pt 1.5pt 1.5pt'>
    <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
    style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-fareast-font-family:
    "Times New Roman";color:white'>August 08, 2014<o:p></o:p></span></p>
    </td>
   </tr>
  </table>
  </td>
 </tr>
</table>

<h1><span lang=EN style='mso-fareast-font-family:"Times New Roman";mso-ansi-language:
EN'><br>
OpenID 2.0 to OpenID Connect Migration 1.0 - draft 03<br>
openid-connect-openid2-migration-1_0<o:p></o:p></span></h1>

<h3><span lang=EN style='mso-fareast-font-family:"Times New Roman";mso-ansi-language:
EN'>Abstract<o:p></o:p></span></h3>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>This specification defines how an OpenID Authentication
2.0 relying party can migrate the user from OpenID 2.0 identifier to OpenID
Connect Identifier by using an ID Token that includes the OpenID 2.0 verified
claimed ID. In this specification, the method to request such an additional
claim and the method for the verification of the resulting ID Token is
specified. <o:p></o:p></span></p>

<h3><span lang=EN style='mso-fareast-font-family:"Times New Roman";mso-ansi-language:
EN'>Status of this Memo<o:p></o:p></span></h3>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>OIDF-Drafts are working documents of the OpenID
Foundation (OIDF). <o:p></o:p></span></p>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>OIDF-Drafts are draft documents valid for a maximum of
six months and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use OIDF-Drafts as reference material or to cite
them other than as  work in progress. <o:p></o:p></span></p>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>This OIDF-Draft will expire on February 9, 2015.<o:p></o:p></span></p>

<h3><span lang=EN style='mso-fareast-font-family:"Times New Roman";mso-ansi-language:
EN'>Copyright Notice<o:p></o:p></span></h3>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>Copyright © OpenID Foundation (2014). All Rights
Reserved.<o:p></o:p></span></p>

<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><a name=toc></a><span
lang=EN style='font-family:"Verdana","sans-serif";mso-fareast-font-family:"Times New Roman";
color:black;mso-ansi-language:EN'><o:p>&nbsp;</o:p></span></p>

<div class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
text-align:center'><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'>

<hr size=1 width="100%" align=center>

</span></div>

<h3><span lang=EN style='mso-fareast-font-family:"Times New Roman";mso-ansi-language:
EN'>Table of Contents<o:p></o:p></span></h3>

<p class=toc><span lang=EN style='font-family:"Verdana","sans-serif";
color:black;mso-ansi-language:EN'><a href="#Introduction">1.</a>&nbsp;
Introduction<br>
&nbsp;&nbsp;&nbsp;&nbsp;<a href="#rnc">1.1.</a>&nbsp; Requirements Notation and
Conventions<br>
&nbsp;&nbsp;&nbsp;&nbsp;<a href="#Terminology">1.2.</a>&nbsp; Terminology<br>
<a href="#RequestOpenid2Id">2.</a>&nbsp; Requesting the OpenID 2.0 Identifier
and <a style='mso-comment-reference:mbj_1;mso-comment-date:20140808T1744'><span
class=msoIns><ins cite="mailto:Mike%20Jones" datetime="2014-08-08T17:14">OpenID
</ins></span></a></span><span class=MsoCommentReference><span style='font-size:
8.0pt;font-weight:normal'><span class=msoIns><ins cite="mailto:Mike%20Jones"
datetime="2014-08-08T17:14"><![if !supportAnnotations]><a class=msocomanchor
id="_anchor_1" onmouseover="msoCommentShow('_anchor_1','_com_1')"
onmouseout="msoCommentHide('_com_1')" href="#_msocom_1" language=JavaScript
name="_msoanchor_1"><u><font color=teal>[mbj1]</font></u></a><![endif]><span
style='mso-special-character:comment'>&nbsp;</span></ins></span></span></span><span
lang=EN style='font-family:"Verdana","sans-serif";color:black;mso-ansi-language:
EN'>Connect <a style='mso-comment-reference:mbj_2;mso-comment-date:20140808T1744'>iss/sub</a></span><span
class=MsoCommentReference><span style='font-size:8.0pt;font-weight:normal'><![if !supportAnnotations]><a
class=msocomanchor id="_anchor_2"
onmouseover="msoCommentShow('_anchor_2','_com_2')"
onmouseout="msoCommentHide('_com_2')" href="#_msocom_2" language=JavaScript
name="_msoanchor_2">[mbj2]</a><![endif]><span style='mso-special-character:
comment'>&nbsp;</span></span></span><span lang=EN style='font-family:"Verdana","sans-serif";
color:black;mso-ansi-language:EN'> <a style='mso-comment-reference:mbj_3;
mso-comment-date:20140808T1744'>pair together</a></span><span
class=MsoCommentReference><span style='font-size:8.0pt;font-weight:normal'><![if !supportAnnotations]><a
class=msocomanchor id="_anchor_3"
onmouseover="msoCommentShow('_anchor_3','_com_3')"
onmouseout="msoCommentHide('_com_3')" href="#_msocom_3" language=JavaScript
name="_msoanchor_3">[mbj3]</a><![endif]><span style='mso-special-character:
comment'>&nbsp;</span></span></span><span lang=EN style='font-family:"Verdana","sans-serif";
color:black;mso-ansi-language:EN'><br>
<a href="#VerifyRP">3.</a>&nbsp; Verification of the Relying Party by the <span
class=msoDel><del cite="mailto:Mike%20Jones" datetime="2014-08-08T17:15">OP</del></span><a
style='mso-comment-reference:mbj_4;mso-comment-date:20140808T1744'><span
class=msoIns><ins cite="mailto:Mike%20Jones" datetime="2014-08-08T17:15">OpenID
Provider</ins></span></a></span><span class=MsoCommentReference><span
style='font-size:8.0pt;font-weight:normal'><span class=msoIns><ins
cite="mailto:Mike%20Jones" datetime="2014-08-08T17:15"><![if !supportAnnotations]><a
class=msocomanchor id="_anchor_4"
onmouseover="msoCommentShow('_anchor_4','_com_4')"
onmouseout="msoCommentHide('_com_4')" href="#_msocom_4" language=JavaScript
name="_msoanchor_4"><u><font color=teal>[mbj4]</font></u></a><![endif]><span
style='mso-special-character:comment'>&nbsp;</span></ins></span></span></span><span
lang=EN style='font-family:"Verdana","sans-serif";color:black;mso-ansi-language:
EN'><br>
<a href="#ReturnOpenID2ID">4.</a>&nbsp; Returning the OpenID 2.0 Identifier<br>
&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ErrorResponses">4.1.</a>&nbsp; Error
Responses<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a style='mso-comment-reference:
mbj_5;mso-comment-date:20140808T1744'></a><a href="#anchor1"><span
style='mso-comment-continuation:5'>4.1.1.</span></a></span><span
class=MsoCommentReference><span style='font-size:8.0pt;font-weight:normal'><![if !supportAnnotations]><a
class=msocomanchor id="_anchor_5"
onmouseover="msoCommentShow('_anchor_5','_com_5')"
onmouseout="msoCommentHide('_com_5')" href="#_msocom_5" language=JavaScript
name="_msoanchor_5">[mbj5]</a><![endif]><span style='mso-special-character:
comment'>&nbsp;</span></span></span><span lang=EN style='font-family:"Verdana","sans-serif";
color:black;mso-ansi-language:EN'>&nbsp; Scope <a style='mso-comment-reference:
mbj_6;mso-comment-date:20140808T1744'>openid2</a></span><span
class=MsoCommentReference><span style='font-size:8.0pt;font-weight:normal'><![if !supportAnnotations]><a
class=msocomanchor id="_anchor_6"
onmouseover="msoCommentShow('_anchor_6','_com_6')"
onmouseout="msoCommentHide('_com_6')" href="#_msocom_6" language=JavaScript
name="_msoanchor_6">[mbj6]</a><![endif]><span style='mso-special-character:
comment'>&nbsp;</span></span></span><span lang=EN style='font-family:"Verdana","sans-serif";
color:black;mso-ansi-language:EN'> not supported<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#anchor2">4.1.2.</a>&nbsp;
No Associated OpenID 2.0 Identifier <a style='mso-comment-reference:mbj_7;
mso-comment-date:20140808T1744'>found</a></span><span
class=MsoCommentReference><span style='font-size:8.0pt;font-weight:normal'><![if !supportAnnotations]><a
class=msocomanchor id="_anchor_7"
onmouseover="msoCommentShow('_anchor_7','_com_7')"
onmouseout="msoCommentHide('_com_7')" href="#_msocom_7" language=JavaScript
name="_msoanchor_7">[mbj7]</a><![endif]><span style='mso-special-character:
comment'>&nbsp;</span></span></span><span lang=EN style='font-family:"Verdana","sans-serif";
color:black;mso-ansi-language:EN'><br>
<a href="#VerifyIDToken">5.</a>&nbsp; Verification of the ID Token<br>
<a href="#VerifyOPAuthority">6.</a>&nbsp; Verification <span class=msoDel><del
cite="mailto:Mike%20Jones" datetime="2014-08-08T17:16">of the authoritativeness
of the</del></span><span class=msoIns><ins cite="mailto:Mike%20Jones"
datetime="2014-08-08T17:16">that the OpenID</ins></span> Connect OP<span
class=msoIns><ins cite="mailto:Mike%20Jones" datetime="2014-08-08T17:16"> <a
style='mso-comment-reference:mbj_8;mso-comment-date:20140808T1744'>is
Authoritative</a></ins></span></span><span class=MsoCommentReference><span
style='font-size:8.0pt;font-weight:normal'><span class=msoIns><ins
cite="mailto:Mike%20Jones" datetime="2014-08-08T17:17"><![if !supportAnnotations]><a
class=msocomanchor id="_anchor_8"
onmouseover="msoCommentShow('_anchor_8','_com_8')"
onmouseout="msoCommentHide('_com_8')" href="#_msocom_8" language=JavaScript
name="_msoanchor_8"><u><font color=teal>[mbj8]</font></u></a><![endif]><span
style='mso-special-character:comment'>&nbsp;</span></ins></span></span></span><span
lang=EN style='font-family:"Verdana","sans-serif";color:black;mso-ansi-language:
EN'><br>
<a href="#AssociateIdentifiers">7.</a>&nbsp; Associating the <a
style='mso-comment-reference:mbj_9;mso-comment-date:20140808T1744'>existing </a></span><span
class=MsoCommentReference><span style='font-size:8.0pt;font-weight:normal'><![if !supportAnnotations]><a
class=msocomanchor id="_anchor_9"
onmouseover="msoCommentShow('_anchor_9','_com_9')"
onmouseout="msoCommentHide('_com_9')" href="#_msocom_9" language=JavaScript
name="_msoanchor_9">[mbj9]</a><![endif]><span style='mso-special-character:
comment'>&nbsp;</span></span></span><span lang=EN style='font-family:"Verdana","sans-serif";
color:black;mso-ansi-language:EN'>OpenID 2.0 <a style='mso-comment-reference:
mbj_10;mso-comment-date:20140808T1744'>account </a></span><span
class=MsoCommentReference><span style='font-size:8.0pt;font-weight:normal'><![if !supportAnnotations]><a
class=msocomanchor id="_anchor_10"
onmouseover="msoCommentShow('_anchor_10','_com_10')"
onmouseout="msoCommentHide('_com_10')" href="#_msocom_10" language=JavaScript
name="_msoanchor_10">[mbj10]</a><![endif]><span style='mso-special-character:
comment'>&nbsp;</span></span></span><span lang=EN style='font-family:"Verdana","sans-serif";
color:black;mso-ansi-language:EN'>with the OpenID Connect <a style='mso-comment-reference:
mbj_11;mso-comment-date:20140808T1744'>identifier</a></span><span
class=MsoCommentReference><span style='font-size:8.0pt;font-weight:normal'><![if !supportAnnotations]><a
class=msocomanchor id="_anchor_11"
onmouseover="msoCommentShow('_anchor_11','_com_11')"
onmouseout="msoCommentHide('_com_11')" href="#_msocom_11" language=JavaScript
name="_msoanchor_11">[mbj11]</a><![endif]><span style='mso-special-character:
comment'>&nbsp;</span></span></span><span lang=EN style='font-family:"Verdana","sans-serif";
color:black;mso-ansi-language:EN'><br>
<a href="#ImplementationConsiderations">8.</a>&nbsp; Implementation
Considerations<br>
&nbsp;&nbsp;&nbsp;&nbsp;<a href="#anchor3">8.1.</a>&nbsp; After <a
style='mso-comment-reference:mbj_12;mso-comment-date:20140808T1744'><span
class=msoDel><del cite="mailto:Mike%20Jones" datetime="2014-08-08T17:18">EOL </del></span><span
class=msoIns><ins cite="mailto:Mike%20Jones" datetime="2014-08-08T17:18">End-of-Life</ins></span></a></span><span
class=MsoCommentReference><span style='font-size:8.0pt;font-weight:normal'><span
class=msoIns><ins cite="mailto:Mike%20Jones" datetime="2014-08-08T17:19"><![if !supportAnnotations]><a
class=msocomanchor id="_anchor_12"
onmouseover="msoCommentShow('_anchor_12','_com_12')"
onmouseout="msoCommentHide('_com_12')" href="#_msocom_12" language=JavaScript
name="_msoanchor_12"><u><font color=teal>[mbj12]</font></u></a><![endif]><span
style='mso-special-character:comment'>&nbsp;</span></ins></span></span></span><span
style='font-family:"Verdana","sans-serif";color:black;mso-ansi-language:EN'><span
class=msoIns><ins cite="mailto:Mike%20Jones" datetime="2014-08-08T17:18"> </ins></span><span
lang=EN>of <span class=msoIns><ins cite="mailto:Mike%20Jones"
datetime="2014-08-08T17:18">the </ins></span>OpenID 2.0 OP<br>
<a href="#PrivacyConsiderations">9.</a>&nbsp; Privacy Considerations<br>
&nbsp;&nbsp;&nbsp;&nbsp;<a href="#anchor4">9.1.</a>&nbsp; Correlation<br>
&nbsp;&nbsp;&nbsp;&nbsp;<a href="#anchor5">9.2.</a>&nbsp; Identification by <a
style='mso-comment-reference:mbj_13;mso-comment-date:20140808T1744'>other
parties</a></span></span><span class=MsoCommentReference><span
style='font-size:8.0pt;font-weight:normal'><![if !supportAnnotations]><a
class=msocomanchor id="_anchor_13"
onmouseover="msoCommentShow('_anchor_13','_com_13')"
onmouseout="msoCommentHide('_com_13')" href="#_msocom_13" language=JavaScript
name="_msoanchor_13">[mbj13]</a><![endif]><span style='mso-special-character:
comment'>&nbsp;</span></span></span><span lang=EN style='font-family:"Verdana","sans-serif";
color:black;mso-ansi-language:EN'><br>
&nbsp;&nbsp;&nbsp;&nbsp;<a href="#anchor6">9.3.</a>&nbsp; Secondary Use<br>
&nbsp;&nbsp;&nbsp;&nbsp;<a href="#anchor7">9.4.</a>&nbsp; Disclosure<br>
&nbsp;&nbsp;&nbsp;&nbsp;<a href="#anchor8">9.5.</a>&nbsp; Exclusion<br>
<a href="#Security">10.</a>&nbsp; Security Considerations<br>
<a href="#references">11.</a>&nbsp; <a style='mso-comment-reference:mbj_14;
mso-comment-date:20140808T1744'>References</a></span><span
class=MsoCommentReference><span style='font-size:8.0pt;font-weight:normal'><![if !supportAnnotations]><a
class=msocomanchor id="_anchor_14"
onmouseover="msoCommentShow('_anchor_14','_com_14')"
onmouseout="msoCommentHide('_com_14')" href="#_msocom_14" language=JavaScript
name="_msoanchor_14">[mbj14]</a><![endif]><span style='mso-special-character:
comment'>&nbsp;</span></span></span><span lang=EN style='font-family:"Verdana","sans-serif";
color:black;mso-ansi-language:EN'><br>
<a href="#rfc.references1">12.</a>&nbsp; References<br>
&nbsp;&nbsp;&nbsp;&nbsp;<a href="#rfc.references1">12.1.</a>&nbsp; Normative
References<br>
&nbsp;&nbsp;&nbsp;&nbsp;<a href="#rfc.references2">12.2.</a>&nbsp; Informative
References<br>
<a href="#anchor11">Appendix&nbsp;A.</a>&nbsp; Sequence Diagrams<br>
<a href="#anchor12">Appendix&nbsp;B.</a>&nbsp; <span class=msoDel><del
cite="mailto:Mike%20Jones" datetime="2014-08-08T17:21">Difference to</del></span><a
style='mso-comment-reference:mbj_15;mso-comment-date:20140808T1744'><span
class=msoIns><ins cite="mailto:Mike%20Jones" datetime="2014-08-08T17:21">Differences
from</ins></span></a></span><span class=MsoCommentReference><span
style='font-size:8.0pt;font-weight:normal'><span class=msoIns><ins
cite="mailto:Mike%20Jones" datetime="2014-08-08T17:21"><![if !supportAnnotations]><a
class=msocomanchor id="_anchor_15"
onmouseover="msoCommentShow('_anchor_15','_com_15')"
onmouseout="msoCommentHide('_com_15')" href="#_msocom_15" language=JavaScript
name="_msoanchor_15"><u><font color=teal>[mbj15]</font></u></a><![endif]><span
style='mso-special-character:comment'>&nbsp;</span></ins></span></span></span><span
lang=EN style='font-family:"Verdana","sans-serif";color:black;mso-ansi-language:
EN'> Google s <a style='mso-comment-reference:mbj_16;mso-comment-date:20140808T1744'>migration
guide</a></span><span class=MsoCommentReference><span style='font-size:8.0pt;
font-weight:normal'><![if !supportAnnotations]><a class=msocomanchor
id="_anchor_16" onmouseover="msoCommentShow('_anchor_16','_com_16')"
onmouseout="msoCommentHide('_com_16')" href="#_msocom_16" language=JavaScript
name="_msoanchor_16">[mbj16]</a><![endif]><span style='mso-special-character:
comment'>&nbsp;</span></span></span><span lang=EN style='font-family:"Verdana","sans-serif";
color:black;mso-ansi-language:EN'> as of June 3, 2014 <br>
<a href="#Acknowledgements">Appendix&nbsp;C.</a>&nbsp; Acknowledgements<br>
<a href="#Notices">Appendix&nbsp;D.</a>&nbsp; Notices<br>
<a href="#rfc.authors">§</a>&nbsp; Authors' Addresses<br>
<a href="#rfc.copyright">§</a>&nbsp; <a style='mso-comment-reference:mbj_17;
mso-comment-date:20140808T1744'>Intellectual Property and Copyright Statements</a></span><span
class=MsoCommentReference><span style='font-size:8.0pt;font-weight:normal'><![if !supportAnnotations]><a
class=msocomanchor id="_anchor_17"
onmouseover="msoCommentShow('_anchor_17','_com_17')"
onmouseout="msoCommentHide('_com_17')" href="#_msocom_17" language=JavaScript
name="_msoanchor_17">[mbj17]</a><![endif]><span style='mso-special-character:
comment'>&nbsp;</span></span></span><span lang=EN style='font-family:"Verdana","sans-serif";
color:black;mso-ansi-language:EN'><o:p></o:p></span></p>

<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span lang=EN
style='font-family:"Verdana","sans-serif";mso-fareast-font-family:"Times New Roman";
color:black;mso-ansi-language:EN'><br clear=all style='mso-special-character:
line-break'>
<a name=Introduction></a><o:p></o:p></span></p>

<div class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
text-align:center'><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'>

<hr size=1 width="100%" align=center>

</span></div>

<table class=MsoNormalTable border=0 cellpadding=0 summary=layout align=right
 width=30 style='width:22.5pt;mso-cellspacing:1.5pt;mso-yfti-tbllook:1184;
 mso-table-lspace:2.25pt;mso-table-rspace:2.25pt;mso-table-anchor-vertical:
 paragraph;mso-table-anchor-horizontal:column;mso-table-left:right;mso-table-top:
 middle;mso-padding-alt:0in 0in 0in 0in'>
 <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes;mso-yfti-lastrow:yes;
  height:11.25pt'>
  <td width=30 style='width:22.5pt;background:#990000;padding:0in 0in 0in 0in;
  height:11.25pt'>
  <p class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
  text-align:center;mso-line-height-alt:11.25pt;mso-element:frame;mso-element-frame-hspace:
  2.25pt;mso-element-wrap:around;mso-element-anchor-vertical:paragraph;
  mso-element-anchor-horizontal:column;mso-element-left:right;mso-element-top:
  middle;mso-height-rule:exactly'><span style='font-family:"Verdana","sans-serif";
  mso-fareast-font-family:"Times New Roman";color:white'><a href="#toc"><b><span
  style='font-size:10.0pt;font-family:Monaco;color:white;text-decoration:none;
  text-underline:none'>&nbsp;TOC&nbsp;</span></b></a><o:p></o:p></span></p>
  </td>
 </tr>
</table>

<h3><a name=rfc.section.1></a><span lang=EN style='mso-fareast-font-family:
"Times New Roman";mso-ansi-language:EN'>1.&nbsp; Introduction<o:p></o:p></span></h3>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>OpenID Authentication 2.0 is a popular authentication
federation protocol through which the relying party can obtain the user s verified
identifier from the OpenID Provider (OP) to which the user was authenticated.
OpenID Connect is a newer <a style='mso-comment-reference:mbj_18;mso-comment-date:
20140808T1747'><span class=msoDel><del cite="mailto:Mike%20Jones"
datetime="2014-08-08T17:47">version of it</del></span></a></span><span
class=MsoCommentReference><span style='font-size:8.0pt'><![if !supportAnnotations]><a
class=msocomanchor id="_anchor_18"
onmouseover="msoCommentShow('_anchor_18','_com_18')"
onmouseout="msoCommentHide('_com_18')" href="#_msocom_18" language=JavaScript
name="_msoanchor_18">[mbj18]</a><![endif]><span style='mso-special-character:
comment'>&nbsp;</span></span></span><span lang=EN style='font-family:"Verdana","sans-serif";
color:black;mso-ansi-language:EN'><span class=msoIns><ins
cite="mailto:Mike%20Jones" datetime="2014-08-08T17:47">related authentication
protocol</ins></span> but the identifier format is different and thus relying
parties need to <span class=GramE>migrate</span> those user identifiers to
continue accepting <span class=msoDel><del cite="mailto:Mike%20Jones"
datetime="2014-08-08T17:47">such </del></span><span class=msoIns><ins
cite="mailto:Mike%20Jones" datetime="2014-08-08T17:47">these </ins></span>users.
<o:p></o:p></span></p>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>In this specification, a standard method for this kind of
migration on a <span class=msoDel><del cite="mailto:Mike%20Jones"
datetime="2014-08-08T17:48">per </del></span><span class=msoIns><ins
cite="mailto:Mike%20Jones" datetime="2014-08-08T17:48">per-</ins></span>user
basis is described. <o:p></o:p></span></p>

<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><a name=rnc></a><span
lang=EN style='font-family:"Verdana","sans-serif";mso-fareast-font-family:"Times New Roman";
color:black;mso-ansi-language:EN'><o:p>&nbsp;</o:p></span></p>

<div class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
text-align:center'><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'>

<hr size=1 width="100%" align=center>

</span></div>

<table class=MsoNormalTable border=0 cellpadding=0 summary=layout align=right
 width=30 style='width:22.5pt;mso-cellspacing:1.5pt;mso-yfti-tbllook:1184;
 mso-table-lspace:2.25pt;mso-table-rspace:2.25pt;mso-table-anchor-vertical:
 paragraph;mso-table-anchor-horizontal:column;mso-table-left:right;mso-table-top:
 middle;mso-padding-alt:0in 0in 0in 0in'>
 <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes;mso-yfti-lastrow:yes;
  height:11.25pt'>
  <td width=30 style='width:22.5pt;background:#990000;padding:0in 0in 0in 0in;
  height:11.25pt'>
  <p class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
  text-align:center;mso-line-height-alt:11.25pt;mso-element:frame;mso-element-frame-hspace:
  2.25pt;mso-element-wrap:around;mso-element-anchor-vertical:paragraph;
  mso-element-anchor-horizontal:column;mso-element-left:right;mso-element-top:
  middle;mso-height-rule:exactly'><span style='font-family:"Verdana","sans-serif";
  mso-fareast-font-family:"Times New Roman";color:white'><a href="#toc"><b><span
  style='font-size:10.0pt;font-family:Monaco;color:white;text-decoration:none;
  text-underline:none'>&nbsp;TOC&nbsp;</span></b></a><o:p></o:p></span></p>
  </td>
 </tr>
</table>

<h3><a name=rfc.section.1.1></a><span lang=EN style='mso-fareast-font-family:
"Times New Roman";mso-ansi-language:EN'>1.1.&nbsp; Requirements Notation and
Conventions<o:p></o:p></span></h3>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>The key words &quot;MUST&quot;, &quot;MUST NOT&quot;,
&quot;REQUIRED&quot;, &quot;SHALL&quot;, &quot;SHALL NOT&quot;,
&quot;SHOULD&quot;, &quot;SHOULD NOT&quot;, &quot;RECOMMENDED&quot;,
&quot;MAY&quot;, and &quot;OPTIONAL&quot; in this document are to be
interpreted as described in <a href="#RFC2119"><b><span style='text-decoration:
none;text-underline:none'>RFC 2119<span style='display:none;mso-hide:all'>
(Bradner, S.,  Key words for use in RFCs to Indicate Requirement Levels, 
March&nbsp;1997.)</span></span></b></a> [RFC2119]. <o:p></o:p></span></p>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>In the .txt version of this document, values are quoted
to indicate that they are to be taken literally. When using these values in
protocol messages, the quotes MUST NOT be used as part of the value. In the
HTML version of this document, values to be taken literally are indicated by
the use of </span><tt><span lang=EN style='mso-ansi-language:EN'>this
fixed-width font</span></tt><span lang=EN style='font-family:"Verdana","sans-serif";
color:black;mso-ansi-language:EN'>. <o:p></o:p></span></p>

<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><a
name=Terminology></a><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'><o:p>&nbsp;</o:p></span></p>

<div class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
text-align:center'><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'>

<hr size=1 width="100%" align=center>

</span></div>

<table class=MsoNormalTable border=0 cellpadding=0 summary=layout align=right
 width=30 style='width:22.5pt;mso-cellspacing:1.5pt;mso-yfti-tbllook:1184;
 mso-table-lspace:2.25pt;mso-table-rspace:2.25pt;mso-table-anchor-vertical:
 paragraph;mso-table-anchor-horizontal:column;mso-table-left:right;mso-table-top:
 middle;mso-padding-alt:0in 0in 0in 0in'>
 <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes;mso-yfti-lastrow:yes;
  height:11.25pt'>
  <td width=30 style='width:22.5pt;background:#990000;padding:0in 0in 0in 0in;
  height:11.25pt'>
  <p class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
  text-align:center;mso-line-height-alt:11.25pt;mso-element:frame;mso-element-frame-hspace:
  2.25pt;mso-element-wrap:around;mso-element-anchor-vertical:paragraph;
  mso-element-anchor-horizontal:column;mso-element-left:right;mso-element-top:
  middle;mso-height-rule:exactly'><span style='font-family:"Verdana","sans-serif";
  mso-fareast-font-family:"Times New Roman";color:white'><a href="#toc"><b><span
  style='font-size:10.0pt;font-family:Monaco;color:white;text-decoration:none;
  text-underline:none'>&nbsp;TOC&nbsp;</span></b></a><o:p></o:p></span></p>
  </td>
 </tr>
</table>

<h3><a name=rfc.section.1.2></a><span lang=EN style='mso-fareast-font-family:
"Times New Roman";mso-ansi-language:EN'>1.2.&nbsp; Terminology<o:p></o:p></span></h3>

<p><a style='mso-comment-reference:mbj_19;mso-comment-date:20140808T1744'><span
lang=EN style='font-family:"Verdana","sans-serif";color:black;mso-ansi-language:
EN'><span class=msoDel><del cite="mailto:Mike%20Jones"
datetime="2014-08-08T17:27">For the purpose of this specification,</del></span></span></a><span
class=MsoCommentReference><span style='font-size:8.0pt'><![if !supportAnnotations]><a
class=msocomanchor id="_anchor_19"
onmouseover="msoCommentShow('_anchor_19','_com_19')"
onmouseout="msoCommentHide('_com_19')" href="#_msocom_19" language=JavaScript
name="_msoanchor_19">[mbj19]</a><![endif]><span style='mso-special-character:
comment'>&nbsp;</span></span></span><span lang=EN style='font-family:"Verdana","sans-serif";
color:black;mso-ansi-language:EN'><span class=msoDel><del
cite="mailto:Mike%20Jones" datetime="2014-08-08T17:27"> t</del></span><span
class=msoIns><ins cite="mailto:Mike%20Jones" datetime="2014-08-08T17:27">T</ins></span>he
terms defined in<a style='mso-comment-reference:mbj_20;mso-comment-date:20140808T1744'><span
class=msoIns><ins cite="mailto:Mike%20Jones" datetime="2014-08-08T17:24"> </ins></span></a></span><span
class=MsoCommentReference><span style='font-size:8.0pt'><span class=msoIns><ins
cite="mailto:Mike%20Jones" datetime="2014-08-08T17:24"><![if !supportAnnotations]><a
class=msocomanchor id="_anchor_20"
onmouseover="msoCommentShow('_anchor_20','_com_20')"
onmouseout="msoCommentHide('_com_20')" href="#_msocom_20" language=JavaScript
name="_msoanchor_20"><u><font color=teal>[mbj20]</font></u></a><![endif]><span
style='mso-special-character:comment'>&nbsp;</span></ins></span></span></span><span
lang=EN style='font-family:"Verdana","sans-serif";color:black;mso-ansi-language:
EN'><a href="#OpenID.Core"><b><span style='text-decoration:none;text-underline:
none'>OpenID Connect Core 1.0<span style='display:none;mso-hide:all'>
(Sakimura, N., Bradley, J., Jones, M., de Medeiros, B., and C. Mortimore,
 OpenID Connect Core 1.0,  February&nbsp;2014.)</span></span></b></a>
[OpenID.Core] and <a href="#OpenID.2.0"><b><span style='text-decoration:none;
text-underline:none'>OpenID Authentication 2.0<span style='display:none;
mso-hide:all'> (OpenID Foundation,  OpenID Authentication 2.0, 
December&nbsp;2007.)</span></span></b></a> [OpenID.2.0] <span class=msoDel><del
cite="mailto:Mike%20Jones" datetime="2014-08-08T17:27">is </del></span><span
class=msoIns><ins cite="mailto:Mike%20Jones" datetime="2014-08-08T17:27">are </ins></span>used<span
class=msoIns><ins cite="mailto:Mike%20Jones" datetime="2014-08-08T17:27"> by
this specification</ins></span>. Where a same term is defined in both
specifications, the term defined in OpenID Connect Core takes precedence. <o:p></o:p></span></p>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>This specification also defines the following terms: <o:p></o:p></span></p>

<blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'>

<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span lang=EN
style='font-family:"Verdana","sans-serif";mso-fareast-font-family:"Times New Roman";
color:black;mso-ansi-language:EN'>OpenID 2.0 Identifier<o:p></o:p></span></p>

<p class=MsoNormal style='margin-top:0in;margin-right:0in;margin-bottom:0in;
margin-left:.5in;margin-bottom:.0001pt'><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'>Verified
user identifier <span class=msoDel><del cite="mailto:Mike%20Jones"
datetime="2014-08-08T17:25">of </del></span><a style='mso-comment-reference:
mbj_21;mso-comment-date:20140808T1744'><span class=msoIns><ins
cite="mailto:Mike%20Jones" datetime="2014-08-08T17:25">as specified by</ins></span></a></span><span
class=MsoCommentReference><span style='font-size:8.0pt'><span class=msoIns><ins
cite="mailto:Mike%20Jones" datetime="2014-08-08T17:25"><![if !supportAnnotations]><a
class=msocomanchor id="_anchor_21"
onmouseover="msoCommentShow('_anchor_21','_com_21')"
onmouseout="msoCommentHide('_com_21')" href="#_msocom_21" language=JavaScript
name="_msoanchor_21"><u><font color=teal>[mbj21]</font></u></a><![endif]><span
style='mso-special-character:comment'>&nbsp;</span></ins></span></span></span><span
style='font-family:"Verdana","sans-serif";mso-fareast-font-family:"Times New Roman";
color:black;mso-ansi-language:EN'><span class=msoIns><ins
cite="mailto:Mike%20Jones" datetime="2014-08-08T17:25"> </ins></span><span
lang=EN>OpenID Authentication 2.0. <o:p></o:p></span></span></p>

<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span lang=EN
style='font-family:"Verdana","sans-serif";mso-fareast-font-family:"Times New Roman";
color:black;mso-ansi-language:EN'><span class=msoIns><ins
cite="mailto:Mike%20Jones" datetime="2014-08-08T17:48">OpenID </ins></span><a
style='mso-comment-reference:mbj_22;mso-comment-date:20140808T1744'>Connect OP</a></span><span
class=MsoCommentReference><span style='font-size:8.0pt'><![if !supportAnnotations]><a
class=msocomanchor id="_anchor_22"
onmouseover="msoCommentShow('_anchor_22','_com_22')"
onmouseout="msoCommentHide('_com_22')" href="#_msocom_22" language=JavaScript
name="_msoanchor_22">[mbj22]</a><![endif]><span style='mso-special-character:
comment'>&nbsp;</span></span></span><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'><o:p></o:p></span></p>

<p class=MsoNormal style='margin-top:0in;margin-right:0in;margin-bottom:0in;
margin-left:.5in;margin-bottom:.0001pt'><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'>OpenID
Connect <span class=msoIns><ins cite="mailto:Mike%20Jones"
datetime="2014-08-08T17:25">OpenID Provider </ins></span>OP <o:p></o:p></span></p>

</blockquote>

<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><a
name=RequestOpenid2Id></a><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'><o:p>&nbsp;</o:p></span></p>

<div class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
text-align:center'><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'>

<hr size=1 width="100%" align=center>

</span></div>

<table class=MsoNormalTable border=0 cellpadding=0 summary=layout align=right
 width=30 style='width:22.5pt;mso-cellspacing:1.5pt;mso-yfti-tbllook:1184;
 mso-table-lspace:2.25pt;mso-table-rspace:2.25pt;mso-table-anchor-vertical:
 paragraph;mso-table-anchor-horizontal:column;mso-table-left:right;mso-table-top:
 middle;mso-padding-alt:0in 0in 0in 0in'>
 <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes;mso-yfti-lastrow:yes;
  height:11.25pt'>
  <td width=30 style='width:22.5pt;background:#990000;padding:0in 0in 0in 0in;
  height:11.25pt'>
  <p class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
  text-align:center;mso-line-height-alt:11.25pt;mso-element:frame;mso-element-frame-hspace:
  2.25pt;mso-element-wrap:around;mso-element-anchor-vertical:paragraph;
  mso-element-anchor-horizontal:column;mso-element-left:right;mso-element-top:
  middle;mso-height-rule:exactly'><span style='font-family:"Verdana","sans-serif";
  mso-fareast-font-family:"Times New Roman";color:white'><a href="#toc"><b><span
  style='font-size:10.0pt;font-family:Monaco;color:white;text-decoration:none;
  text-underline:none'>&nbsp;TOC&nbsp;</span></b></a><o:p></o:p></span></p>
  </td>
 </tr>
</table>

<h3><a name=rfc.section.2></a><span lang=EN style='mso-fareast-font-family:
"Times New Roman";mso-ansi-language:EN'>2.&nbsp; Requesting the OpenID 2.0
Identifier and Connect iss/sub pair together<o:p></o:p></span></h3>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>To obtain the OpenID 2.0 Identifier, the RP sends a
modified OpenID Connect Authentication Request by adding </span><tt><span
lang=EN style='mso-ansi-language:EN'>openid2</span></tt><span lang=EN
style='font-family:"Verdana","sans-serif";color:black;mso-ansi-language:EN'> as
an additional scope value. <o:p></o:p></span></p>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>If PPID was used to obtain the OpenID 2.0 Identifier, </span><tt><span
lang=EN style='mso-ansi-language:EN'>openid.realm</span></tt><span lang=EN
style='font-family:"Verdana","sans-serif";color:black;mso-ansi-language:EN'>
has to be sent to the OP with the request. For this purpose, a new
authentication request parameter </span><tt><span lang=EN style='mso-ansi-language:
EN'>openid2_realm</span></tt><span lang=EN style='font-family:"Verdana","sans-serif";
color:black;mso-ansi-language:EN'> is defined. <o:p></o:p></span></p>

<blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'>

<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span lang=EN
style='font-family:"Verdana","sans-serif";mso-fareast-font-family:"Times New Roman";
color:black;mso-ansi-language:EN'>openid2_realm<o:p></o:p></span></p>

<p class=MsoNormal style='margin-top:0in;margin-right:0in;margin-bottom:0in;
margin-left:.5in;margin-bottom:.0001pt'><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'>OPTIONAL.
The </span><tt><span lang=EN style='mso-ansi-language:EN'>openid.realm</span></tt><span
lang=EN style='font-family:"Verdana","sans-serif";mso-fareast-font-family:"Times New Roman";
color:black;mso-ansi-language:EN'> value as defined in Section 9.1 of <a
href="#OpenID.2.0"><b><span style='text-decoration:none;text-underline:none'>OpenID
2.0<span style='display:none;mso-hide:all'> (OpenID Foundation,  OpenID
Authentication 2.0,  December&nbsp;2007.)</span></span></b></a> [OpenID.2.0] <o:p></o:p></span></p>

</blockquote>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>If the authority section of Authorization Endpoint URI is
different from the authority section of the OpenID 2.0 OP s OP Endpoint URL,
the client MUST issue a GET request to it with an Accept header set to </span><tt><span
lang=EN style='mso-ansi-language:EN'>application/json</span></tt><span lang=EN
style='font-family:"Verdana","sans-serif";color:black;mso-ansi-language:EN'> to
obtain the value of </span><tt><span lang=EN style='mso-ansi-language:EN'>iss</span></tt><span
lang=EN style='font-family:"Verdana","sans-serif";color:black;mso-ansi-language:
EN'> claim in it. The value of the </span><tt><span lang=EN style='mso-ansi-language:
EN'>iss</span></tt><span lang=EN style='font-family:"Verdana","sans-serif";
color:black;mso-ansi-language:EN'> claim obtained this way and the value of the
</span><tt><span lang=EN style='mso-ansi-language:EN'>iss</span></tt><span
lang=EN style='font-family:"Verdana","sans-serif";color:black;mso-ansi-language:
EN'> claim in the ID Token MUST exactly match. <o:p></o:p></span></p>

<p><strong><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>Note</span></strong><span lang=EN style='font-family:
"Verdana","sans-serif";color:black;mso-ansi-language:EN'>: This is similar to
YADIS. In case of YADIS, it is using Accept header with its value set to </span><tt><span
lang=EN style='mso-ansi-language:EN'>application/xml+xrds.</span></tt><span
lang=EN style='font-family:"Verdana","sans-serif";color:black;mso-ansi-language:
EN'> <o:p></o:p></span></p>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>The following is a non-normative example of an
authentication request to request the OpenID 2.0 Identifier (with line wraps
within values for display purposes only). NOTE: This example assumes that the
OpenID 2.0 OP Identifier is </span><tt><span lang=EN style='mso-ansi-language:
EN'>https://openid2.example.com</span></tt><span lang=EN style='font-family:
"Verdana","sans-serif";color:black;mso-ansi-language:EN'>. <o:p></o:p></span></p>

<div style='margin-left:.5in;display:table'><pre><span lang=EN
style='mso-ansi-language:EN'><o:p>&nbsp;</o:p></span></pre><pre><span lang=EN
style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>  </span>GET /authorize?response_type=id_token<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>           </span>&amp;scope=openid%20openid2<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>           </span>&amp;client_id=s6BhdRkqt3<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>           </span>&amp;state=af0ifjsldkj<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>           </span>&amp;nonce=n-0S6_WzA2Mj<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>           </span>&amp;openid2_realm=https%3A%2F%2Fopenid2.example.com<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>           </span>&amp;redirect_uri=https%3A%2F%2Fclient.example.org%2Fcb HTTP/1.1<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>  </span>Host: server.example.com<o:p></o:p></span></pre></div>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>The End-User performs authentication and authorization at
the Connect OP which then returns the authentication response: <o:p></o:p></span></p>

<div style='margin-left:.5in;display:table'><pre><span lang=EN
style='mso-ansi-language:EN'><o:p>&nbsp;</o:p></span></pre><pre><span lang=EN
style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>  </span>HTTP /1.1 200 OK<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>  </span>Location: https://client.example.com/cb#<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>    </span>id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6IktleTAwMSJ9.ew0KIC<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>    </span>Jpc3MiOiAiaHR0cDovL3NlcnZlci5leGFtcGxlLmNvbSIsDQogInN1Yi<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>    </span>I6ICIyNDgyODk3NjEwMDEiLA0KICJhdWQiOiAiczZCaGRSa3F0MyIsDQ<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>    </span>ogIm5vbmNlIjogIm4tMFM2X1d6QTJNaiIsDQogImV4cCI6IDEzMTEyOD<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>    </span>E5NzAsDQogImlhdCI6IDEzMTEyODA5NzAsDQogIm9wZW5pZDJfaWQiOi<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>    </span>AiaHR0cHM6Ly9vcGVuaWQyLmV4YW1wbGUuY29tL3VzZXIzNTkzOTA4Nz<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>    </span>IxMTIiDQp9.rSo68AZGeJY15WxTtDxHrGlpJu2S7jIHsd_lBrBB20uva<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>    </span>UbbEvJyMJFuQVUeqH-b8XiyUFtHHynXxYq6P8SpMw7UX2y4BGg0Ky-5z<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>    </span>KeGJkT8-Cfkx8eLzKMVE-qsB31NhS3bZ4Wp3mHTsUCOUhbHfEeDRJaCJ<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>    </span>G3NlNEc2QLKBcmfzzdvVw98XuMySFIE0r9ekqx8h0IMvxRQgJENEDQ1q<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>    </span>70v5oR4YcEO1lcbT3a9wAA-0N27zAP0OUURXSMQaIfpmo8kDIaj7oRd8<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>    </span>36PowpRodp7VHKO0RoyhOFGFrDDA4z_mCE4Yopx-tWPZFPO8sekrz-H9<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>    </span>670UAZUOBux2CYGEw&amp;<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>    </span>state=af0ifjsldkj<o:p></o:p></span></pre></div>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>The contents of the ID Token after decoding are: <o:p></o:p></span></p>

<div style='margin-left:.5in;display:table'><pre><span lang=EN
style='mso-ansi-language:EN'><o:p>&nbsp;</o:p></span></pre><pre><span lang=EN
style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>  </span>{<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>     </span>&quot;iss&quot;: &quot;http://server.example.com&quot;,<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>     </span>&quot;sub&quot;: &quot;248289761001&quot;,<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>     </span>&quot;aud&quot;: &quot;s6BhdRkqt3&quot;,<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>     </span>&quot;nonce&quot;: &quot;n-0S6_WzA2Mj&quot;,<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>     </span>&quot;exp&quot;: 1311281970,<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>     </span>&quot;iat&quot;: 1311280970,<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>     </span>&quot;openid2_id&quot;: &quot;https://openid2.example.com/user359390872112&quot;<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>  </span>}<o:p></o:p></span></pre></div>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>To verify the issuer in the ID Token is authoritative for
openid2_id, get the issuer from the OpenID 2.0 Identifier URL. <o:p></o:p></span></p>

<div style='margin-left:.5in;display:table'><pre><span lang=EN
style='mso-ansi-language:EN'><o:p>&nbsp;</o:p></span></pre><pre><span lang=EN
style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>   </span>GET /user359390872112 HTTP/1.1<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>   </span>Host: openid2.example.com<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>   </span>Accept: application/json<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><o:p>&nbsp;</o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>   </span>HTTP /1.1 200 OK<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>   </span>Content-Type: application/json<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>   </span>{<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>       </span>&quot;iss&quot;: &quot;http://server.example.com&quot;<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>   </span>}<o:p></o:p></span></pre></div>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>Verify the iss of ID Token exactly matches the iss of
this response. <o:p></o:p></span></p>

<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><a name=VerifyRP></a><span
lang=EN style='font-family:"Verdana","sans-serif";mso-fareast-font-family:"Times New Roman";
color:black;mso-ansi-language:EN'><o:p>&nbsp;</o:p></span></p>

<div class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
text-align:center'><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'>

<hr size=1 width="100%" align=center>

</span></div>

<table class=MsoNormalTable border=0 cellpadding=0 summary=layout align=right
 width=30 style='width:22.5pt;mso-cellspacing:1.5pt;mso-yfti-tbllook:1184;
 mso-table-lspace:2.25pt;mso-table-rspace:2.25pt;mso-table-anchor-vertical:
 paragraph;mso-table-anchor-horizontal:column;mso-table-left:right;mso-table-top:
 middle;mso-padding-alt:0in 0in 0in 0in'>
 <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes;mso-yfti-lastrow:yes;
  height:11.25pt'>
  <td width=30 style='width:22.5pt;background:#990000;padding:0in 0in 0in 0in;
  height:11.25pt'>
  <p class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
  text-align:center;mso-line-height-alt:11.25pt;mso-element:frame;mso-element-frame-hspace:
  2.25pt;mso-element-wrap:around;mso-element-anchor-vertical:paragraph;
  mso-element-anchor-horizontal:column;mso-element-left:right;mso-element-top:
  middle;mso-height-rule:exactly'><span style='font-family:"Verdana","sans-serif";
  mso-fareast-font-family:"Times New Roman";color:white'><a href="#toc"><b><span
  style='font-size:10.0pt;font-family:Monaco;color:white;text-decoration:none;
  text-underline:none'>&nbsp;TOC&nbsp;</span></b></a><o:p></o:p></span></p>
  </td>
 </tr>
</table>

<h3><a name=rfc.section.3></a><span lang=EN style='mso-fareast-font-family:
"Times New Roman";mso-ansi-language:EN'>3.&nbsp; Verification of the Relying
Party by the OP<o:p></o:p></span></h3>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>There could be an attack by a malicious RP to obtain the
user s PPID for another RP to perform identity correlation. To mitigate the
risk, the OP MUST verify that the realm and RP s Redirect URI matches as per Section
9.2 of <a href="#OpenID.2.0"><b><span style='text-decoration:none;text-underline:
none'>OpenID 2.0<span style='display:none;mso-hide:all'> (OpenID Foundation,
 OpenID Authentication 2.0,  December&nbsp;2007.)</span></span></b></a>
[OpenID.2.0]. <o:p></o:p></span></p>

<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><a
name=ReturnOpenID2ID></a><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'><o:p>&nbsp;</o:p></span></p>

<div class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
text-align:center'><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'>

<hr size=1 width="100%" align=center>

</span></div>

<table class=MsoNormalTable border=0 cellpadding=0 summary=layout align=right
 width=30 style='width:22.5pt;mso-cellspacing:1.5pt;mso-yfti-tbllook:1184;
 mso-table-lspace:2.25pt;mso-table-rspace:2.25pt;mso-table-anchor-vertical:
 paragraph;mso-table-anchor-horizontal:column;mso-table-left:right;mso-table-top:
 middle;mso-padding-alt:0in 0in 0in 0in'>
 <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes;mso-yfti-lastrow:yes;
  height:11.25pt'>
  <td width=30 style='width:22.5pt;background:#990000;padding:0in 0in 0in 0in;
  height:11.25pt'>
  <p class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
  text-align:center;mso-line-height-alt:11.25pt;mso-element:frame;mso-element-frame-hspace:
  2.25pt;mso-element-wrap:around;mso-element-anchor-vertical:paragraph;
  mso-element-anchor-horizontal:column;mso-element-left:right;mso-element-top:
  middle;mso-height-rule:exactly'><span style='font-family:"Verdana","sans-serif";
  mso-fareast-font-family:"Times New Roman";color:white'><a href="#toc"><b><span
  style='font-size:10.0pt;font-family:Monaco;color:white;text-decoration:none;
  text-underline:none'>&nbsp;TOC&nbsp;</span></b></a><o:p></o:p></span></p>
  </td>
 </tr>
</table>

<h3><a name=rfc.section.4></a><span lang=EN style='mso-fareast-font-family:
"Times New Roman";mso-ansi-language:EN'>4.&nbsp; Returning the OpenID 2.0
Identifier<o:p></o:p></span></h3>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>If the verification of the Relying Party was successful
and an associated OpenID 2.0 Identifier for the user is found, then the OP MUST
include the OpenID 2.0 Identifier in the asymmetrically signed ID Token with
the following claim name: <o:p></o:p></span></p>

<blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'>

<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span lang=EN
style='font-family:"Verdana","sans-serif";mso-fareast-font-family:"Times New Roman";
color:black;mso-ansi-language:EN'>openid2_id <o:p></o:p></span></p>

<p class=MsoNormal style='margin-top:0in;margin-right:0in;margin-bottom:0in;
margin-left:.5in;margin-bottom:.0001pt'><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'>REQUIRED.
OpenID 2.0 Identifier. It MUST be represented as a JSON string. <o:p></o:p></span></p>

</blockquote>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>For XRI, OpenID 2.0 Identifier MUST be created as </span><tt><span
lang=EN style='mso-ansi-language:EN'>https://xri.net/</span></tt><span lang=EN
style='font-family:"Verdana","sans-serif";color:black;mso-ansi-language:EN'> <span
class=msoDel><del cite="mailto:Mike%20Jones" datetime="2014-08-08T17:29">+ </del></span><a
style='mso-comment-reference:mbj_23;mso-comment-date:20140808T1744'><span
class=msoIns><ins cite="mailto:Mike%20Jones" datetime="2014-08-08T17:29">concatenated
with the</ins></span></a></span><span class=MsoCommentReference><span
style='font-size:8.0pt'><span class=msoIns><ins cite="mailto:Mike%20Jones"
datetime="2014-08-08T17:30"><![if !supportAnnotations]><a class=msocomanchor
id="_anchor_23" onmouseover="msoCommentShow('_anchor_23','_com_23')"
onmouseout="msoCommentHide('_com_23')" href="#_msocom_23" language=JavaScript
name="_msoanchor_23"><u><font color=teal>[mbj23]</font></u></a><![endif]><span
style='mso-special-character:comment'>&nbsp;</span></ins></span></span></span><span
style='font-family:"Verdana","sans-serif";color:black;mso-ansi-language:EN'><span
class=msoIns><ins cite="mailto:Mike%20Jones" datetime="2014-08-08T17:29"> </ins></span><span
lang=EN>user s verified XRI without the </span></span><tt><span lang=EN
style='mso-ansi-language:EN'>xri://</span></tt><span lang=EN style='font-family:
"Verdana","sans-serif";color:black;mso-ansi-language:EN'> scheme. <o:p></o:p></span></p>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>The following is a non-normative example of an ID Token
with an OpenID 2.0 Identifier claim (with line wraps within values for display
purposes only) <o:p></o:p></span></p>

<div style='margin-left:.5in;display:table'><pre><span lang=EN
style='mso-ansi-language:EN'>{<o:p></o:p></span></pre><pre><span lang=EN
style='mso-ansi-language:EN'> &quot;iss&quot;: &quot;http://server.example.com&quot;,<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'> &quot;sub&quot;: &quot;248289761001&quot;,<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'> &quot;aud&quot;: &quot;s6BhdRkqt3&quot;,<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'> &quot;nonce&quot;: &quot;n-0S6_WzA2Mj&quot;,<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'> &quot;exp&quot;: 1311281970,<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'> &quot;iat&quot;: 1311280970,<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'> &quot;openid2_id&quot;: &quot;https://openid2.example.com/user359390872112&quot;<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'>}<o:p></o:p></span></pre></div>

<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><a
name=ErrorResponses></a><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'><o:p>&nbsp;</o:p></span></p>

<div class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
text-align:center'><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'>

<hr size=1 width="100%" align=center>

</span></div>

<table class=MsoNormalTable border=0 cellpadding=0 summary=layout align=right
 width=30 style='width:22.5pt;mso-cellspacing:1.5pt;mso-yfti-tbllook:1184;
 mso-table-lspace:2.25pt;mso-table-rspace:2.25pt;mso-table-anchor-vertical:
 paragraph;mso-table-anchor-horizontal:column;mso-table-left:right;mso-table-top:
 middle;mso-padding-alt:0in 0in 0in 0in'>
 <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes;mso-yfti-lastrow:yes;
  height:11.25pt'>
  <td width=30 style='width:22.5pt;background:#990000;padding:0in 0in 0in 0in;
  height:11.25pt'>
  <p class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
  text-align:center;mso-line-height-alt:11.25pt;mso-element:frame;mso-element-frame-hspace:
  2.25pt;mso-element-wrap:around;mso-element-anchor-vertical:paragraph;
  mso-element-anchor-horizontal:column;mso-element-left:right;mso-element-top:
  middle;mso-height-rule:exactly'><span style='font-family:"Verdana","sans-serif";
  mso-fareast-font-family:"Times New Roman";color:white'><a href="#toc"><b><span
  style='font-size:10.0pt;font-family:Monaco;color:white;text-decoration:none;
  text-underline:none'>&nbsp;TOC&nbsp;</span></b></a><o:p></o:p></span></p>
  </td>
 </tr>
</table>

<h3><a name=rfc.section.4.1></a><span lang=EN style='mso-fareast-font-family:
"Times New Roman";mso-ansi-language:EN'>4.1.&nbsp; Error Responses<o:p></o:p></span></h3>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>In addition to the error conditions defined in <a
href="#OpenID.Core"><b><span style='text-decoration:none;text-underline:none'>OpenID
Connect Core 1.0<span style='display:none;mso-hide:all'> (Sakimura, N.,
Bradley, J., Jones, M., de Medeiros, B., and C. Mortimore,  OpenID Connect Core
1.0,  February&nbsp;2014.)</span></span></b></a> [OpenID.Core<span class=GramE>]<a
style='mso-comment-reference:mbj_24;mso-comment-date:20140808T1744'> </a></span></span><span
class=MsoCommentReference><span style='font-size:8.0pt'><![if !supportAnnotations]><a
class=msocomanchor id="_anchor_24"
onmouseover="msoCommentShow('_anchor_24','_com_24')"
onmouseout="msoCommentHide('_com_24')" href="#_msocom_24" language=JavaScript
name="_msoanchor_24">[mbj24]</a><![endif]><span style='mso-special-character:
comment'>&nbsp;</span></span></span><span lang=EN style='font-family:"Verdana","sans-serif";
color:black;mso-ansi-language:EN'>, <span class=msoIns><ins
cite="mailto:Mike%20Jones" datetime="2014-08-08T17:49">the </ins></span>following
error conditions are defined in this standard<span class=msoDel><del
cite="mailto:Mike%20Jones" datetime="2014-08-08T17:33">: </del></span><a
style='mso-comment-reference:mbj_25;mso-comment-date:20140808T1744'><span
class=msoIns><ins cite="mailto:Mike%20Jones" datetime="2014-08-08T17:33">.</ins></span></a></span><span
class=MsoCommentReference><span style='font-size:8.0pt'><span class=msoIns><ins
cite="mailto:Mike%20Jones" datetime="2014-08-08T17:33"><![if !supportAnnotations]><a
class=msocomanchor id="_anchor_25"
onmouseover="msoCommentShow('_anchor_25','_com_25')"
onmouseout="msoCommentHide('_com_25')" href="#_msocom_25" language=JavaScript
name="_msoanchor_25"><u><font color=teal>[mbj25]</font></u></a><![endif]><span
style='mso-special-character:comment'>&nbsp;</span></ins></span></span></span><span
style='font-family:"Verdana","sans-serif";color:black;mso-ansi-language:EN'><span
class=msoIns><ins cite="mailto:Mike%20Jones" datetime="2014-08-08T17:33"> </ins></span><span
lang=EN><o:p></o:p></span></span></p>

<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><a name=anchor1></a><span
lang=EN style='font-family:"Verdana","sans-serif";mso-fareast-font-family:"Times New Roman";
color:black;mso-ansi-language:EN'><o:p>&nbsp;</o:p></span></p>

<div class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
text-align:center'><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'>

<hr size=1 width="100%" align=center>

</span></div>

<table class=MsoNormalTable border=0 cellpadding=0 summary=layout align=right
 width=30 style='width:22.5pt;mso-cellspacing:1.5pt;mso-yfti-tbllook:1184;
 mso-table-lspace:2.25pt;mso-table-rspace:2.25pt;mso-table-anchor-vertical:
 paragraph;mso-table-anchor-horizontal:column;mso-table-left:right;mso-table-top:
 middle;mso-padding-alt:0in 0in 0in 0in'>
 <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes;mso-yfti-lastrow:yes;
  height:11.25pt'>
  <td width=30 style='width:22.5pt;background:#990000;padding:0in 0in 0in 0in;
  height:11.25pt'>
  <p class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
  text-align:center;mso-line-height-alt:11.25pt;mso-element:frame;mso-element-frame-hspace:
  2.25pt;mso-element-wrap:around;mso-element-anchor-vertical:paragraph;
  mso-element-anchor-horizontal:column;mso-element-left:right;mso-element-top:
  middle;mso-height-rule:exactly'><span style='font-family:"Verdana","sans-serif";
  mso-fareast-font-family:"Times New Roman";color:white'><a href="#toc"><b><span
  style='font-size:10.0pt;font-family:Monaco;color:white;text-decoration:none;
  text-underline:none'>&nbsp;TOC&nbsp;</span></b></a><o:p></o:p></span></p>
  </td>
 </tr>
</table>

<h3><a name=rfc.section.4.1.1></a><span lang=EN style='mso-fareast-font-family:
"Times New Roman";mso-ansi-language:EN'>4.1.1.<span class=GramE>&nbsp; Scope</span>
<span class=msoIns><ins cite="mailto:Mike%20Jones" datetime="2014-08-08T17:49"> </ins></span>openid2<span
class=msoIns><ins cite="mailto:Mike%20Jones" datetime="2014-08-08T17:49"> </ins></span>
not supported<o:p></o:p></span></h3>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>If the <a style='mso-comment-reference:mbj_26;mso-comment-date:
20140808T1744'>openid2 </a></span><span class=MsoCommentReference><span
style='font-size:8.0pt'><![if !supportAnnotations]><a class=msocomanchor
id="_anchor_26" onmouseover="msoCommentShow('_anchor_26','_com_26')"
onmouseout="msoCommentHide('_com_26')" href="#_msocom_26" language=JavaScript
name="_msoanchor_26">[mbj26]</a><![endif]><span style='mso-special-character:
comment'>&nbsp;</span></span></span><span lang=EN style='font-family:"Verdana","sans-serif";
color:black;mso-ansi-language:EN'>scope is not supported, the error </span><tt><span
lang=EN style='mso-ansi-language:EN'>invalid_scope</span></tt><span lang=EN
style='font-family:"Verdana","sans-serif";color:black;mso-ansi-language:EN'> as
defined in 4.1.2.1 of <a href="#RFC6749"><b><span style='text-decoration:none;
text-underline:none'>OAuth<span style='display:none;mso-hide:all'> (Hardt, D.,
 The OAuth 2.0 Authorization Framework,  October&nbsp;2012.)</span></span></b></a>
[RFC6749] SHOULD be returned. <o:p></o:p></span></p>

<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><a name=anchor2></a><span
lang=EN style='font-family:"Verdana","sans-serif";mso-fareast-font-family:"Times New Roman";
color:black;mso-ansi-language:EN'><o:p>&nbsp;</o:p></span></p>

<div class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
text-align:center'><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'>

<hr size=1 width="100%" align=center>

</span></div>

<table class=MsoNormalTable border=0 cellpadding=0 summary=layout align=right
 width=30 style='width:22.5pt;mso-cellspacing:1.5pt;mso-yfti-tbllook:1184;
 mso-table-lspace:2.25pt;mso-table-rspace:2.25pt;mso-table-anchor-vertical:
 paragraph;mso-table-anchor-horizontal:column;mso-table-left:right;mso-table-top:
 middle;mso-padding-alt:0in 0in 0in 0in'>
 <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes;mso-yfti-lastrow:yes;
  height:11.25pt'>
  <td width=30 style='width:22.5pt;background:#990000;padding:0in 0in 0in 0in;
  height:11.25pt'>
  <p class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
  text-align:center;mso-line-height-alt:11.25pt;mso-element:frame;mso-element-frame-hspace:
  2.25pt;mso-element-wrap:around;mso-element-anchor-vertical:paragraph;
  mso-element-anchor-horizontal:column;mso-element-left:right;mso-element-top:
  middle;mso-height-rule:exactly'><span style='font-family:"Verdana","sans-serif";
  mso-fareast-font-family:"Times New Roman";color:white'><a href="#toc"><b><span
  style='font-size:10.0pt;font-family:Monaco;color:white;text-decoration:none;
  text-underline:none'>&nbsp;TOC&nbsp;</span></b></a><o:p></o:p></span></p>
  </td>
 </tr>
</table>

<h3><a name=rfc.section.4.1.2></a><span lang=EN style='mso-fareast-font-family:
"Times New Roman";mso-ansi-language:EN'>4.1.2.&nbsp; No Associated OpenID 2.0
Identifier found<o:p></o:p></span></h3>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>If a corresponding OpenID 2.0 Identifier is not found for
the authenticated user, the </span><tt><span lang=EN style='mso-ansi-language:
EN'>openid2_id</span></tt><span lang=EN style='font-family:"Verdana","sans-serif";
color:black;mso-ansi-language:EN'> claim in the ID Token MUST have the value </span><tt><span
lang=EN style='mso-ansi-language:EN'>NOT FOUND</span></tt><span lang=EN
style='font-family:"Verdana","sans-serif";color:black;mso-ansi-language:EN'>. <o:p></o:p></span></p>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>NOTE: Even if the </span><tt><span lang=EN
style='mso-ansi-language:EN'>openid2_id</span></tt><span lang=EN
style='font-family:"Verdana","sans-serif";color:black;mso-ansi-language:EN'>
claim value is </span><tt><span lang=EN style='mso-ansi-language:EN'>NOT FOUND</span></tt><span
lang=EN style='font-family:"Verdana","sans-serif";color:black;mso-ansi-language:
EN'>, the overall ID Token can still be valid. <o:p></o:p></span></p>

<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><a
name=VerifyIDToken></a><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'><o:p>&nbsp;</o:p></span></p>

<div class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
text-align:center'><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'>

<hr size=1 width="100%" align=center>

</span></div>

<table class=MsoNormalTable border=0 cellpadding=0 summary=layout align=right
 width=30 style='width:22.5pt;mso-cellspacing:1.5pt;mso-yfti-tbllook:1184;
 mso-table-lspace:2.25pt;mso-table-rspace:2.25pt;mso-table-anchor-vertical:
 paragraph;mso-table-anchor-horizontal:column;mso-table-left:right;mso-table-top:
 middle;mso-padding-alt:0in 0in 0in 0in'>
 <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes;mso-yfti-lastrow:yes;
  height:11.25pt'>
  <td width=30 style='width:22.5pt;background:#990000;padding:0in 0in 0in 0in;
  height:11.25pt'>
  <p class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
  text-align:center;mso-line-height-alt:11.25pt;mso-element:frame;mso-element-frame-hspace:
  2.25pt;mso-element-wrap:around;mso-element-anchor-vertical:paragraph;
  mso-element-anchor-horizontal:column;mso-element-left:right;mso-element-top:
  middle;mso-height-rule:exactly'><span style='font-family:"Verdana","sans-serif";
  mso-fareast-font-family:"Times New Roman";color:white'><a href="#toc"><b><span
  style='font-size:10.0pt;font-family:Monaco;color:white;text-decoration:none;
  text-underline:none'>&nbsp;TOC&nbsp;</span></b></a><o:p></o:p></span></p>
  </td>
 </tr>
</table>

<h3><a name=rfc.section.5></a><span lang=EN style='mso-fareast-font-family:
"Times New Roman";mso-ansi-language:EN'>5.&nbsp; Verification of the ID Token<o:p></o:p></span></h3>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>The RP MUST verify the ID Token as specified in 3.1.3.7
of <a href="#OpenID.Core"><b><span style='text-decoration:none;text-underline:
none'>OpenID Connect Core 1.0<span style='display:none;mso-hide:all'>
(Sakimura, N., Bradley, J., Jones, M., de Medeiros, B., and C. Mortimore,
 OpenID Connect Core 1.0,  February&nbsp;2014.)</span></span></b></a>
[OpenID.Core]. <o:p></o:p></span></p>

<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><a
name=VerifyOPAuthority></a><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'><o:p>&nbsp;</o:p></span></p>

<div class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
text-align:center'><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'>

<hr size=1 width="100%" align=center>

</span></div>

<table class=MsoNormalTable border=0 cellpadding=0 summary=layout align=right
 width=30 style='width:22.5pt;mso-cellspacing:1.5pt;mso-yfti-tbllook:1184;
 mso-table-lspace:2.25pt;mso-table-rspace:2.25pt;mso-table-anchor-vertical:
 paragraph;mso-table-anchor-horizontal:column;mso-table-left:right;mso-table-top:
 middle;mso-padding-alt:0in 0in 0in 0in'>
 <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes;mso-yfti-lastrow:yes;
  height:11.25pt'>
  <td width=30 style='width:22.5pt;background:#990000;padding:0in 0in 0in 0in;
  height:11.25pt'>
  <p class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
  text-align:center;mso-line-height-alt:11.25pt;mso-element:frame;mso-element-frame-hspace:
  2.25pt;mso-element-wrap:around;mso-element-anchor-vertical:paragraph;
  mso-element-anchor-horizontal:column;mso-element-left:right;mso-element-top:
  middle;mso-height-rule:exactly'><span style='font-family:"Verdana","sans-serif";
  mso-fareast-font-family:"Times New Roman";color:white'><a href="#toc"><b><span
  style='font-size:10.0pt;font-family:Monaco;color:white;text-decoration:none;
  text-underline:none'>&nbsp;TOC&nbsp;</span></b></a><o:p></o:p></span></p>
  </td>
 </tr>
</table>

<h3><a name=rfc.section.6></a><span lang=EN style='mso-fareast-font-family:
"Times New Roman";mso-ansi-language:EN'>6.&nbsp; Verification of the
authoritativeness of the Connect OP<o:p></o:p></span></h3>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>A malicious OP may try to impersonate the user by
returning the OpenID 2.0 Identifier that it is not authoritative for.
Therefore, verifying that the OP is indeed authoritative for the OpenID 2.0
Identifier is imperative. To establish <span class=msoDel><del
cite="mailto:Mike%20Jones" datetime="2014-08-08T17:37">the authoritativeness
for</del></span><span class=msoIns><ins cite="mailto:Mike%20Jones"
datetime="2014-08-08T17:37">that the</ins></span> OpenID 2.0 Identifier<span
class=msoIns><ins cite="mailto:Mike%20Jones" datetime="2014-08-08T17:37"> <a
style='mso-comment-reference:mbj_27;mso-comment-date:20140808T1744'>is
authoritative</a></ins></span></span><span class=MsoCommentReference><span
style='font-size:8.0pt'><span class=msoIns><ins cite="mailto:Mike%20Jones"
datetime="2014-08-08T17:38"><![if !supportAnnotations]><a class=msocomanchor
id="_anchor_27" onmouseover="msoCommentShow('_anchor_27','_com_27')"
onmouseout="msoCommentHide('_com_27')" href="#_msocom_27" language=JavaScript
name="_msoanchor_27"><u><font color=teal>[mbj27]</font></u></a><![endif]><span
style='mso-special-character:comment'>&nbsp;</span></ins></span></span></span><span
lang=EN style='font-family:"Verdana","sans-serif";color:black;mso-ansi-language:
EN'>, the RP MUST verify that one of the following verification <a
style='mso-comment-reference:mbj_28;mso-comment-date:20140808T1744'>rule<span
class=msoIns><ins cite="mailto:Mike%20Jones" datetime="2014-08-08T17:37">s</ins></span>
hold<span class=msoDel><del cite="mailto:Mike%20Jones"
datetime="2014-08-08T17:38">s.</del></span><span class=msoIns><ins
cite="mailto:Mike%20Jones" datetime="2014-08-08T17:38">:</ins></span></a></span><span
class=MsoCommentReference><span style='font-size:8.0pt'><span class=msoIns><ins
cite="mailto:Mike%20Jones" datetime="2014-08-08T17:38"><![if !supportAnnotations]><a
class=msocomanchor id="_anchor_28"
onmouseover="msoCommentShow('_anchor_28','_com_28')"
onmouseout="msoCommentHide('_com_28')" href="#_msocom_28" language=JavaScript
name="_msoanchor_28"><u><font color=teal>[mbj28]</font></u></a><![endif]><span
style='mso-special-character:comment'>&nbsp;</span></ins></span></span></span><span
style='font-family:"Verdana","sans-serif";color:black;mso-ansi-language:EN'> <span
lang=EN><o:p></o:p></span></span></p>

<p class=MsoNormal style='margin-top:5.0pt;margin-right:24.0pt;margin-bottom:
5.0pt;margin-left:60.0pt;text-indent:-.25in;mso-list:l0 level1 lfo1;tab-stops:
list .5in'><![if !supportLists]><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:Verdana;mso-bidi-font-family:Verdana;color:black;
mso-ansi-language:EN'><span style='mso-list:Ignore'>1.<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;
</span></span></span><![endif]><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'>If
the RP a priori knows that the authority hosted only one OpenID 2.0 OP and
OpenID Connect OP each, the authority section of Authorization Endpoint URI is
the same as the authority section of the OpenID 2.0 OP s OP Endpoint URL. <o:p></o:p></span></p>

<p class=MsoNormal style='margin-top:5.0pt;margin-right:24.0pt;margin-bottom:
5.0pt;margin-left:60.0pt;text-indent:-.25in;mso-list:l0 level1 lfo1;tab-stops:
list .5in'><![if !supportLists]><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:Verdana;mso-bidi-font-family:Verdana;color:black;
mso-ansi-language:EN'><span style='mso-list:Ignore'>2.<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;
</span></span></span><![endif]><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'>If
they are not (or when a higher confidence is sought), RP MUST make a GET call
to the obtained verified claimed ID with an Accept header set to </span><tt><span
lang=EN style='mso-ansi-language:EN'>application/json</span></tt><span lang=EN
style='font-family:"Verdana","sans-serif";mso-fareast-font-family:"Times New Roman";
color:black;mso-ansi-language:EN'>. The server SHOULD return a JSON with </span><tt><span
lang=EN style='mso-ansi-language:EN'>iss</span></tt><span lang=EN
style='font-family:"Verdana","sans-serif";mso-fareast-font-family:"Times New Roman";
color:black;mso-ansi-language:EN'> as its top level member. The value of this
member MUST exactly match the </span><tt><span lang=EN style='mso-ansi-language:
EN'>iss</span></tt><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'> in
the ID Token. <o:p></o:p></span></p>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>If both fails, it is a failure and the RP MUST NOT accept
the OpenID 2.0 Identifier. <o:p></o:p></span></p>

<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><a
name=AssociateIdentifiers></a><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'><o:p>&nbsp;</o:p></span></p>

<div class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
text-align:center'><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'>

<hr size=1 width="100%" align=center>

</span></div>

<table class=MsoNormalTable border=0 cellpadding=0 summary=layout align=right
 width=30 style='width:22.5pt;mso-cellspacing:1.5pt;mso-yfti-tbllook:1184;
 mso-table-lspace:2.25pt;mso-table-rspace:2.25pt;mso-table-anchor-vertical:
 paragraph;mso-table-anchor-horizontal:column;mso-table-left:right;mso-table-top:
 middle;mso-padding-alt:0in 0in 0in 0in'>
 <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes;mso-yfti-lastrow:yes;
  height:11.25pt'>
  <td width=30 style='width:22.5pt;background:#990000;padding:0in 0in 0in 0in;
  height:11.25pt'>
  <p class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
  text-align:center;mso-line-height-alt:11.25pt;mso-element:frame;mso-element-frame-hspace:
  2.25pt;mso-element-wrap:around;mso-element-anchor-vertical:paragraph;
  mso-element-anchor-horizontal:column;mso-element-left:right;mso-element-top:
  middle;mso-height-rule:exactly'><span style='font-family:"Verdana","sans-serif";
  mso-fareast-font-family:"Times New Roman";color:white'><a href="#toc"><b><span
  style='font-size:10.0pt;font-family:Monaco;color:white;text-decoration:none;
  text-underline:none'>&nbsp;TOC&nbsp;</span></b></a><o:p></o:p></span></p>
  </td>
 </tr>
</table>

<h3><a name=rfc.section.7></a><span lang=EN style='mso-fareast-font-family:
"Times New Roman";mso-ansi-language:EN'>7.&nbsp; Associating the existing
OpenID 2.0 account with the OpenID Connect identifier<o:p></o:p></span></h3>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>As the association between </span><tt><span lang=EN
style='mso-ansi-language:EN'>iss/sub</span></tt><span lang=EN style='font-family:
"Verdana","sans-serif";color:black;mso-ansi-language:EN'> and </span><tt><span
lang=EN style='mso-ansi-language:EN'>openid.claimed_id</span></tt><span
lang=EN style='font-family:"Verdana","sans-serif";color:black;mso-ansi-language:
EN'> has been verified, the RP SHOULD associate the existing OpenID 2.0 account
with the OpenID Connect account. <o:p></o:p></span></p>

<p><strong><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>NOTE</span></strong><span lang=EN style='font-family:
"Verdana","sans-serif";color:black;mso-ansi-language:EN'>: At some point in the
future, the OpenID Connect server may drop the support for </span><tt><span
lang=EN style='mso-ansi-language:EN'>openid2</span></tt><span lang=EN
style='font-family:"Verdana","sans-serif";color:black;mso-ansi-language:EN'>
scope. In this case, the OP will return the </span><tt><span lang=EN
style='mso-ansi-language:EN'>invalid_scope</span></tt><span lang=EN
style='font-family:"Verdana","sans-serif";color:black;mso-ansi-language:EN'> in
the error as defined in <a href="#ErrorResponses"><b><span style='text-decoration:
none;text-underline:none'>Section&nbsp;4.1<span style='display:none;mso-hide:
all'> (Error Responses)</span></span></b></a>. <o:p></o:p></span></p>

<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><a
name=ImplementationConsiderations></a><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'><o:p>&nbsp;</o:p></span></p>

<div class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
text-align:center'><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'>

<hr size=1 width="100%" align=center>

</span></div>

<table class=MsoNormalTable border=0 cellpadding=0 summary=layout align=right
 width=30 style='width:22.5pt;mso-cellspacing:1.5pt;mso-yfti-tbllook:1184;
 mso-table-lspace:2.25pt;mso-table-rspace:2.25pt;mso-table-anchor-vertical:
 paragraph;mso-table-anchor-horizontal:column;mso-table-left:right;mso-table-top:
 middle;mso-padding-alt:0in 0in 0in 0in'>
 <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes;mso-yfti-lastrow:yes;
  height:11.25pt'>
  <td width=30 style='width:22.5pt;background:#990000;padding:0in 0in 0in 0in;
  height:11.25pt'>
  <p class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
  text-align:center;mso-line-height-alt:11.25pt;mso-element:frame;mso-element-frame-hspace:
  2.25pt;mso-element-wrap:around;mso-element-anchor-vertical:paragraph;
  mso-element-anchor-horizontal:column;mso-element-left:right;mso-element-top:
  middle;mso-height-rule:exactly'><span style='font-family:"Verdana","sans-serif";
  mso-fareast-font-family:"Times New Roman";color:white'><a href="#toc"><b><span
  style='font-size:10.0pt;font-family:Monaco;color:white;text-decoration:none;
  text-underline:none'>&nbsp;TOC&nbsp;</span></b></a><o:p></o:p></span></p>
  </td>
 </tr>
</table>

<h3><a name=rfc.section.8></a><span lang=EN style='mso-fareast-font-family:
"Times New Roman";mso-ansi-language:EN'>8.&nbsp; Implementation Considerations<o:p></o:p></span></h3>

<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><a name=anchor3></a><span
lang=EN style='font-family:"Verdana","sans-serif";mso-fareast-font-family:"Times New Roman";
color:black;mso-ansi-language:EN'><o:p>&nbsp;</o:p></span></p>

<div class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
text-align:center'><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'>

<hr size=1 width="100%" align=center>

</span></div>

<table class=MsoNormalTable border=0 cellpadding=0 summary=layout align=right
 width=30 style='width:22.5pt;mso-cellspacing:1.5pt;mso-yfti-tbllook:1184;
 mso-table-lspace:2.25pt;mso-table-rspace:2.25pt;mso-table-anchor-vertical:
 paragraph;mso-table-anchor-horizontal:column;mso-table-left:right;mso-table-top:
 middle;mso-padding-alt:0in 0in 0in 0in'>
 <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes;mso-yfti-lastrow:yes;
  height:11.25pt'>
  <td width=30 style='width:22.5pt;background:#990000;padding:0in 0in 0in 0in;
  height:11.25pt'>
  <p class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
  text-align:center;mso-line-height-alt:11.25pt;mso-element:frame;mso-element-frame-hspace:
  2.25pt;mso-element-wrap:around;mso-element-anchor-vertical:paragraph;
  mso-element-anchor-horizontal:column;mso-element-left:right;mso-element-top:
  middle;mso-height-rule:exactly'><span style='font-family:"Verdana","sans-serif";
  mso-fareast-font-family:"Times New Roman";color:white'><a href="#toc"><b><span
  style='font-size:10.0pt;font-family:Monaco;color:white;text-decoration:none;
  text-underline:none'>&nbsp;TOC&nbsp;</span></b></a><o:p></o:p></span></p>
  </td>
 </tr>
</table>

<h3><a name=rfc.section.8.1></a><span lang=EN style='mso-fareast-font-family:
"Times New Roman";mso-ansi-language:EN'>8.1.&nbsp; After EOL of OpenID 2.0 OP<o:p></o:p></span></h3>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>This standard allows the RP to verify the authenticity of
the OpenID 2.0 Identifier through ID Token even after the OpenID 2.0 OP is
taken down. To enable this, the OP MUST publish the public keys that were used
to sign the ID Token with </span><tt><span lang=EN style='mso-ansi-language:
EN'>openid2_id</span></tt><span lang=EN style='font-family:"Verdana","sans-serif";
color:black;mso-ansi-language:EN'> claim at the URI that this OpenID 2.0
Identifier points to. <o:p></o:p></span></p>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>NOTE: The OpenID 2.0 Identifiers can be mapped to a
static file containing the keys, so maintaining such can require minimal
overhead compared to maintaining the full OpenID 2.0 OP. <o:p></o:p></span></p>

<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><a
name=PrivacyConsiderations></a><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'><o:p>&nbsp;</o:p></span></p>

<div class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
text-align:center'><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'>

<hr size=1 width="100%" align=center>

</span></div>

<table class=MsoNormalTable border=0 cellpadding=0 summary=layout align=right
 width=30 style='width:22.5pt;mso-cellspacing:1.5pt;mso-yfti-tbllook:1184;
 mso-table-lspace:2.25pt;mso-table-rspace:2.25pt;mso-table-anchor-vertical:
 paragraph;mso-table-anchor-horizontal:column;mso-table-left:right;mso-table-top:
 middle;mso-padding-alt:0in 0in 0in 0in'>
 <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes;mso-yfti-lastrow:yes;
  height:11.25pt'>
  <td width=30 style='width:22.5pt;background:#990000;padding:0in 0in 0in 0in;
  height:11.25pt'>
  <p class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
  text-align:center;mso-line-height-alt:11.25pt;mso-element:frame;mso-element-frame-hspace:
  2.25pt;mso-element-wrap:around;mso-element-anchor-vertical:paragraph;
  mso-element-anchor-horizontal:column;mso-element-left:right;mso-element-top:
  middle;mso-height-rule:exactly'><span style='font-family:"Verdana","sans-serif";
  mso-fareast-font-family:"Times New Roman";color:white'><a href="#toc"><b><span
  style='font-size:10.0pt;font-family:Monaco;color:white;text-decoration:none;
  text-underline:none'>&nbsp;TOC&nbsp;</span></b></a><o:p></o:p></span></p>
  </td>
 </tr>
</table>

<h3><a name=rfc.section.9></a><span lang=EN style='mso-fareast-font-family:
"Times New Roman";mso-ansi-language:EN'>9.&nbsp; Privacy Considerations<o:p></o:p></span></h3>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>This section considers the <span class=msoDel><del
cite="mailto:Mike%20Jones" datetime="2014-08-08T17:50">Privacy</del></span><span
class=msoIns><ins cite="mailto:Mike%20Jones" datetime="2014-08-08T17:50">privacy</ins></span>-<span
class=msoDel><del cite="mailto:Mike%20Jones" datetime="2014-08-08T17:50">Specific
</del></span><span class=msoIns><ins cite="mailto:Mike%20Jones"
datetime="2014-08-08T17:50">specific </ins></span>threats <a style='mso-comment-reference:
mbj_29;mso-comment-date:20140808T1745'><span class=msoDel><del
cite="mailto:Mike%20Jones" datetime="2014-08-08T17:44">outlaid </del></span></a></span><span
class=MsoCommentReference><span style='font-size:8.0pt'><![if !supportAnnotations]><a
class=msocomanchor id="_anchor_29"
onmouseover="msoCommentShow('_anchor_29','_com_29')"
onmouseout="msoCommentHide('_com_29')" href="#_msocom_29" language=JavaScript
name="_msoanchor_29">[mbj29]</a><![endif]><span style='mso-special-character:
comment'>&nbsp;</span></span></span><span lang=EN style='font-family:"Verdana","sans-serif";
color:black;mso-ansi-language:EN'><span class=msoIns><ins
cite="mailto:Mike%20Jones" datetime="2014-08-08T17:44">described </ins></span>in
Section 5.2 of <a href="#RFC6973"><b><span style='text-decoration:none;
text-underline:none'>RFC6973<span style='display:none;mso-hide:all'> (Cooper,
A., Tschofenig, H., Aboba, B., Peterson, J., Morris, J., Hansen, M., and R.
Smith,  Privacy Considerations for Internet Protocols,  July&nbsp;2013.)</span></span></b></a>
[RFC6973]. <o:p></o:p></span></p>

<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><a name=anchor4></a><span
lang=EN style='font-family:"Verdana","sans-serif";mso-fareast-font-family:"Times New Roman";
color:black;mso-ansi-language:EN'><o:p>&nbsp;</o:p></span></p>

<div class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
text-align:center'><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'>

<hr size=1 width="100%" align=center>

</span></div>

<table class=MsoNormalTable border=0 cellpadding=0 summary=layout align=right
 width=30 style='width:22.5pt;mso-cellspacing:1.5pt;mso-yfti-tbllook:1184;
 mso-table-lspace:2.25pt;mso-table-rspace:2.25pt;mso-table-anchor-vertical:
 paragraph;mso-table-anchor-horizontal:column;mso-table-left:right;mso-table-top:
 middle;mso-padding-alt:0in 0in 0in 0in'>
 <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes;mso-yfti-lastrow:yes;
  height:11.25pt'>
  <td width=30 style='width:22.5pt;background:#990000;padding:0in 0in 0in 0in;
  height:11.25pt'>
  <p class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
  text-align:center;mso-line-height-alt:11.25pt;mso-element:frame;mso-element-frame-hspace:
  2.25pt;mso-element-wrap:around;mso-element-anchor-vertical:paragraph;
  mso-element-anchor-horizontal:column;mso-element-left:right;mso-element-top:
  middle;mso-height-rule:exactly'><span style='font-family:"Verdana","sans-serif";
  mso-fareast-font-family:"Times New Roman";color:white'><a href="#toc"><b><span
  style='font-size:10.0pt;font-family:Monaco;color:white;text-decoration:none;
  text-underline:none'>&nbsp;TOC&nbsp;</span></b></a><o:p></o:p></span></p>
  </td>
 </tr>
</table>

<h3><a name=rfc.section.9.1></a><span lang=EN style='mso-fareast-font-family:
"Times New Roman";mso-ansi-language:EN'>9.1.&nbsp; Correlation<o:p></o:p></span></h3>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>This standard essentially is a correlation specification.
It correlates the OpenID Connect identifier with OpenID 2.0 Identifier. In the
usual case where the user has only one account and the Connect and OpenID 2.0
OPs look similar, then the user probably would be expecting that those
identifiers to be correlated silently. However, if the OPs looks very
different, then some users may prefer not to be correlated. As such, the OP
SHOULD make sure that to ask the user if the user wants to correlate. <o:p></o:p></span></p>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>When multiple accounts are available for the user, then
the OP MUST make sure that the user picks the intended identity. <o:p></o:p></span></p>

<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><a name=anchor5></a><span
lang=EN style='font-family:"Verdana","sans-serif";mso-fareast-font-family:"Times New Roman";
color:black;mso-ansi-language:EN'><o:p>&nbsp;</o:p></span></p>

<div class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
text-align:center'><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'>

<hr size=1 width="100%" align=center>

</span></div>

<table class=MsoNormalTable border=0 cellpadding=0 summary=layout align=right
 width=30 style='width:22.5pt;mso-cellspacing:1.5pt;mso-yfti-tbllook:1184;
 mso-table-lspace:2.25pt;mso-table-rspace:2.25pt;mso-table-anchor-vertical:
 paragraph;mso-table-anchor-horizontal:column;mso-table-left:right;mso-table-top:
 middle;mso-padding-alt:0in 0in 0in 0in'>
 <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes;mso-yfti-lastrow:yes;
  height:11.25pt'>
  <td width=30 style='width:22.5pt;background:#990000;padding:0in 0in 0in 0in;
  height:11.25pt'>
  <p class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
  text-align:center;mso-line-height-alt:11.25pt;mso-element:frame;mso-element-frame-hspace:
  2.25pt;mso-element-wrap:around;mso-element-anchor-vertical:paragraph;
  mso-element-anchor-horizontal:column;mso-element-left:right;mso-element-top:
  middle;mso-height-rule:exactly'><span style='font-family:"Verdana","sans-serif";
  mso-fareast-font-family:"Times New Roman";color:white'><a href="#toc"><b><span
  style='font-size:10.0pt;font-family:Monaco;color:white;text-decoration:none;
  text-underline:none'>&nbsp;TOC&nbsp;</span></b></a><o:p></o:p></span></p>
  </td>
 </tr>
</table>

<h3><a name=rfc.section.9.2></a><span lang=EN style='mso-fareast-font-family:
"Times New Roman";mso-ansi-language:EN'>9.2.&nbsp; Identification by other
parties<o:p></o:p></span></h3>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>Since the channel is encrypted, this risk is low. If the
channel was vulnerable, then user identifiers and other attributes will be exposed
and thus allows the attacker to identify the user. To avoid it, the parties can
employ ID Token encryption as well. <o:p></o:p></span></p>

<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><a name=anchor6></a><span
lang=EN style='font-family:"Verdana","sans-serif";mso-fareast-font-family:"Times New Roman";
color:black;mso-ansi-language:EN'><o:p>&nbsp;</o:p></span></p>

<div class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
text-align:center'><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'>

<hr size=1 width="100%" align=center>

</span></div>

<table class=MsoNormalTable border=0 cellpadding=0 summary=layout align=right
 width=30 style='width:22.5pt;mso-cellspacing:1.5pt;mso-yfti-tbllook:1184;
 mso-table-lspace:2.25pt;mso-table-rspace:2.25pt;mso-table-anchor-vertical:
 paragraph;mso-table-anchor-horizontal:column;mso-table-left:right;mso-table-top:
 middle;mso-padding-alt:0in 0in 0in 0in'>
 <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes;mso-yfti-lastrow:yes;
  height:11.25pt'>
  <td width=30 style='width:22.5pt;background:#990000;padding:0in 0in 0in 0in;
  height:11.25pt'>
  <p class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
  text-align:center;mso-line-height-alt:11.25pt;mso-element:frame;mso-element-frame-hspace:
  2.25pt;mso-element-wrap:around;mso-element-anchor-vertical:paragraph;
  mso-element-anchor-horizontal:column;mso-element-left:right;mso-element-top:
  middle;mso-height-rule:exactly'><span style='font-family:"Verdana","sans-serif";
  mso-fareast-font-family:"Times New Roman";color:white'><a href="#toc"><b><span
  style='font-size:10.0pt;font-family:Monaco;color:white;text-decoration:none;
  text-underline:none'>&nbsp;TOC&nbsp;</span></b></a><o:p></o:p></span></p>
  </td>
 </tr>
</table>

<h3><a name=rfc.section.9.3></a><span lang=EN style='mso-fareast-font-family:
"Times New Roman";mso-ansi-language:EN'>9.3.&nbsp; Secondary Use<o:p></o:p></span></h3>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>While there is no technical control in this standard as
to the secondary use is concerned, RP is strongly advised to announce its policy
against secondary use in its privacy policy. Secondary use usually is
associated with privacy impact, so its legitimacy should be carefully
evaluated. <o:p></o:p></span></p>

<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><a name=anchor7></a><span
lang=EN style='font-family:"Verdana","sans-serif";mso-fareast-font-family:"Times New Roman";
color:black;mso-ansi-language:EN'><o:p>&nbsp;</o:p></span></p>

<div class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
text-align:center'><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'>

<hr size=1 width="100%" align=center>

</span></div>

<table class=MsoNormalTable border=0 cellpadding=0 summary=layout align=right
 width=30 style='width:22.5pt;mso-cellspacing:1.5pt;mso-yfti-tbllook:1184;
 mso-table-lspace:2.25pt;mso-table-rspace:2.25pt;mso-table-anchor-vertical:
 paragraph;mso-table-anchor-horizontal:column;mso-table-left:right;mso-table-top:
 middle;mso-padding-alt:0in 0in 0in 0in'>
 <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes;mso-yfti-lastrow:yes;
  height:11.25pt'>
  <td width=30 style='width:22.5pt;background:#990000;padding:0in 0in 0in 0in;
  height:11.25pt'>
  <p class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
  text-align:center;mso-line-height-alt:11.25pt;mso-element:frame;mso-element-frame-hspace:
  2.25pt;mso-element-wrap:around;mso-element-anchor-vertical:paragraph;
  mso-element-anchor-horizontal:column;mso-element-left:right;mso-element-top:
  middle;mso-height-rule:exactly'><span style='font-family:"Verdana","sans-serif";
  mso-fareast-font-family:"Times New Roman";color:white'><a href="#toc"><b><span
  style='font-size:10.0pt;font-family:Monaco;color:white;text-decoration:none;
  text-underline:none'>&nbsp;TOC&nbsp;</span></b></a><o:p></o:p></span></p>
  </td>
 </tr>
</table>

<h3><a name=rfc.section.9.4></a><span lang=EN style='mso-fareast-font-family:
"Times New Roman";mso-ansi-language:EN'>9.4.&nbsp; Disclosure<o:p></o:p></span></h3>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>Since the channel is encrypted, this risk is low. If the
channel was vulnerable, then user identifiers and other attributes will be
exposed and thus allows the attacker to identify the user. To avoid it, the
parties can employ ID Token encryption as well. <o:p></o:p></span></p>

<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><a name=anchor8></a><span
lang=EN style='font-family:"Verdana","sans-serif";mso-fareast-font-family:"Times New Roman";
color:black;mso-ansi-language:EN'><o:p>&nbsp;</o:p></span></p>

<div class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
text-align:center'><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'>

<hr size=1 width="100%" align=center>

</span></div>

<table class=MsoNormalTable border=0 cellpadding=0 summary=layout align=right
 width=30 style='width:22.5pt;mso-cellspacing:1.5pt;mso-yfti-tbllook:1184;
 mso-table-lspace:2.25pt;mso-table-rspace:2.25pt;mso-table-anchor-vertical:
 paragraph;mso-table-anchor-horizontal:column;mso-table-left:right;mso-table-top:
 middle;mso-padding-alt:0in 0in 0in 0in'>
 <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes;mso-yfti-lastrow:yes;
  height:11.25pt'>
  <td width=30 style='width:22.5pt;background:#990000;padding:0in 0in 0in 0in;
  height:11.25pt'>
  <p class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
  text-align:center;mso-line-height-alt:11.25pt;mso-element:frame;mso-element-frame-hspace:
  2.25pt;mso-element-wrap:around;mso-element-anchor-vertical:paragraph;
  mso-element-anchor-horizontal:column;mso-element-left:right;mso-element-top:
  middle;mso-height-rule:exactly'><span style='font-family:"Verdana","sans-serif";
  mso-fareast-font-family:"Times New Roman";color:white'><a href="#toc"><b><span
  style='font-size:10.0pt;font-family:Monaco;color:white;text-decoration:none;
  text-underline:none'>&nbsp;TOC&nbsp;</span></b></a><o:p></o:p></span></p>
  </td>
 </tr>
</table>

<h3><a name=rfc.section.9.5></a><span lang=EN style='mso-fareast-font-family:
"Times New Roman";mso-ansi-language:EN'>9.5.&nbsp; Exclusion<o:p></o:p></span></h3>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>To avoid Exclusion in this case, make sure to ask the
user if he wants the identifiers to be correlated. <o:p></o:p></span></p>

<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><a name=Security></a><span
lang=EN style='font-family:"Verdana","sans-serif";mso-fareast-font-family:"Times New Roman";
color:black;mso-ansi-language:EN'><o:p>&nbsp;</o:p></span></p>

<div class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
text-align:center'><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'>

<hr size=1 width="100%" align=center>

</span></div>

<table class=MsoNormalTable border=0 cellpadding=0 summary=layout align=right
 width=30 style='width:22.5pt;mso-cellspacing:1.5pt;mso-yfti-tbllook:1184;
 mso-table-lspace:2.25pt;mso-table-rspace:2.25pt;mso-table-anchor-vertical:
 paragraph;mso-table-anchor-horizontal:column;mso-table-left:right;mso-table-top:
 middle;mso-padding-alt:0in 0in 0in 0in'>
 <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes;mso-yfti-lastrow:yes;
  height:11.25pt'>
  <td width=30 style='width:22.5pt;background:#990000;padding:0in 0in 0in 0in;
  height:11.25pt'>
  <p class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
  text-align:center;mso-line-height-alt:11.25pt;mso-element:frame;mso-element-frame-hspace:
  2.25pt;mso-element-wrap:around;mso-element-anchor-vertical:paragraph;
  mso-element-anchor-horizontal:column;mso-element-left:right;mso-element-top:
  middle;mso-height-rule:exactly'><span style='font-family:"Verdana","sans-serif";
  mso-fareast-font-family:"Times New Roman";color:white'><a href="#toc"><b><span
  style='font-size:10.0pt;font-family:Monaco;color:white;text-decoration:none;
  text-underline:none'>&nbsp;TOC&nbsp;</span></b></a><o:p></o:p></span></p>
  </td>
 </tr>
</table>

<h3><a name=rfc.section.10></a><span lang=EN style='mso-fareast-font-family:
"Times New Roman";mso-ansi-language:EN'>10.&nbsp; Security Considerations<o:p></o:p></span></h3>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>In addition to correctly implementing the usual OpenID
Connect security measures, the RP MUST carefully follow and correctly
implementing <a href="#VerifyOPAuthority"><b><span style='text-decoration:none;
text-underline:none'>Section&nbsp;6<span style='display:none;mso-hide:all'>
(Verification of the authoritativeness of the Connect OP)</span></span></b></a>.
If in doubt, skipping step 1 and just doing step 2 is safer. <o:p></o:p></span></p>

<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><a name=references></a><span
lang=EN style='font-family:"Verdana","sans-serif";mso-fareast-font-family:"Times New Roman";
color:black;mso-ansi-language:EN'><o:p>&nbsp;</o:p></span></p>

<div class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
text-align:center'><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'>

<hr size=1 width="100%" align=center>

</span></div>

<table class=MsoNormalTable border=0 cellpadding=0 summary=layout align=right
 width=30 style='width:22.5pt;mso-cellspacing:1.5pt;mso-yfti-tbllook:1184;
 mso-table-lspace:2.25pt;mso-table-rspace:2.25pt;mso-table-anchor-vertical:
 paragraph;mso-table-anchor-horizontal:column;mso-table-left:right;mso-table-top:
 middle;mso-padding-alt:0in 0in 0in 0in'>
 <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes;mso-yfti-lastrow:yes;
  height:11.25pt'>
  <td width=30 style='width:22.5pt;background:#990000;padding:0in 0in 0in 0in;
  height:11.25pt'>
  <p class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
  text-align:center;mso-line-height-alt:11.25pt;mso-element:frame;mso-element-frame-hspace:
  2.25pt;mso-element-wrap:around;mso-element-anchor-vertical:paragraph;
  mso-element-anchor-horizontal:column;mso-element-left:right;mso-element-top:
  middle;mso-height-rule:exactly'><span style='font-family:"Verdana","sans-serif";
  mso-fareast-font-family:"Times New Roman";color:white'><a href="#toc"><b><span
  style='font-size:10.0pt;font-family:Monaco;color:white;text-decoration:none;
  text-underline:none'>&nbsp;TOC&nbsp;</span></b></a><o:p></o:p></span></p>
  </td>
 </tr>
</table>

<h3><a name=rfc.section.11></a><a style='mso-comment-reference:mbj_30;
mso-comment-date:20140808T1751'><span lang=EN style='mso-fareast-font-family:
"Times New Roman";mso-ansi-language:EN'>11.&nbsp; References</span></a><span
class=MsoCommentReference><span style='font-size:8.0pt;font-family:"Times New Roman","serif";
color:windowtext;font-weight:normal'><![if !supportAnnotations]><a
class=msocomanchor id="_anchor_30"
onmouseover="msoCommentShow('_anchor_30','_com_30')"
onmouseout="msoCommentHide('_com_30')" href="#_msocom_30" language=JavaScript
name="_msoanchor_30">[mbj30]</a><![endif]><span style='mso-special-character:
comment'>&nbsp;</span></span></span><span lang=EN style='mso-fareast-font-family:
"Times New Roman";mso-ansi-language:EN'><o:p></o:p></span></h3>

<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><a
name=rfc.references></a><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'><o:p>&nbsp;</o:p></span></p>

<div class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
text-align:center'><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'>

<hr size=1 width="100%" align=center>

</span></div>

<table class=MsoNormalTable border=0 cellpadding=0 summary=layout align=right
 width=30 style='width:22.5pt;mso-cellspacing:1.5pt;mso-yfti-tbllook:1184;
 mso-table-lspace:2.25pt;mso-table-rspace:2.25pt;mso-table-anchor-vertical:
 paragraph;mso-table-anchor-horizontal:column;mso-table-left:right;mso-table-top:
 middle;mso-padding-alt:0in 0in 0in 0in'>
 <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes;mso-yfti-lastrow:yes;
  height:11.25pt'>
  <td width=30 style='width:22.5pt;background:#990000;padding:0in 0in 0in 0in;
  height:11.25pt'>
  <p class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
  text-align:center;mso-line-height-alt:11.25pt;mso-element:frame;mso-element-frame-hspace:
  2.25pt;mso-element-wrap:around;mso-element-anchor-vertical:paragraph;
  mso-element-anchor-horizontal:column;mso-element-left:right;mso-element-top:
  middle;mso-height-rule:exactly'><span style='font-family:"Verdana","sans-serif";
  mso-fareast-font-family:"Times New Roman";color:white'><a href="#toc"><b><span
  style='font-size:10.0pt;font-family:Monaco;color:white;text-decoration:none;
  text-underline:none'>&nbsp;TOC&nbsp;</span></b></a><o:p></o:p></span></p>
  </td>
 </tr>
</table>

<h3><a name=rfc.section.12></a><span lang=EN style='mso-fareast-font-family:
"Times New Roman";mso-ansi-language:EN'>12.&nbsp; References<o:p></o:p></span></h3>

<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><a
name=rfc.references1></a><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'><o:p>&nbsp;</o:p></span></p>

<div class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
text-align:center'><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'>

<hr size=1 width="100%" align=center>

</span></div>

<table class=MsoNormalTable border=0 cellpadding=0 summary=layout align=right
 width=30 style='width:22.5pt;mso-cellspacing:1.5pt;mso-yfti-tbllook:1184;
 mso-table-lspace:2.25pt;mso-table-rspace:2.25pt;mso-table-anchor-vertical:
 paragraph;mso-table-anchor-horizontal:column;mso-table-left:right;mso-table-top:
 middle;mso-padding-alt:0in 0in 0in 0in'>
 <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes;mso-yfti-lastrow:yes;
  height:11.25pt'>
  <td width=30 style='width:22.5pt;background:#990000;padding:0in 0in 0in 0in;
  height:11.25pt'>
  <p class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
  text-align:center;mso-line-height-alt:11.25pt;mso-element:frame;mso-element-frame-hspace:
  2.25pt;mso-element-wrap:around;mso-element-anchor-vertical:paragraph;
  mso-element-anchor-horizontal:column;mso-element-left:right;mso-element-top:
  middle;mso-height-rule:exactly'><span style='font-family:"Verdana","sans-serif";
  mso-fareast-font-family:"Times New Roman";color:white'><a href="#toc"><b><span
  style='font-size:10.0pt;font-family:Monaco;color:white;text-decoration:none;
  text-underline:none'>&nbsp;TOC&nbsp;</span></b></a><o:p></o:p></span></p>
  </td>
 </tr>
</table>

<h3><span lang=EN style='mso-fareast-font-family:"Times New Roman";mso-ansi-language:
EN'>12.1.&nbsp;Normative References<o:p></o:p></span></h3>

<table class=MsoNormalTable border=0 cellpadding=0 width="99%"
 style='width:99.0%;mso-cellspacing:1.5pt;mso-yfti-tbllook:1184'>
 <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes'>
  <td valign=top style='padding:.75pt .75pt .75pt .75pt'>
  <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><a
  name=OpenID.2.0><b><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";
  mso-fareast-font-family:"Times New Roman";color:black'>[OpenID.2.0]</span></b></a><span
  style='font-size:10.0pt;font-family:"Verdana","sans-serif";mso-fareast-font-family:
  "Times New Roman";color:black'><o:p></o:p></span></p>
  </td>
  <td style='padding:.75pt .75pt .75pt .75pt'>
  <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
  style='font-size:10.0pt;font-family:"Verdana","sans-serif";mso-fareast-font-family:
  "Times New Roman";color:black'>OpenID Foundation,  OpenID Authentication
  2.0,  December&nbsp;2007 (<a
  href="http://openid.net/specs/openid-authentication-2_0.txt"><b>TXT</b></a>, <a
  href="http://openid.net/specs/openid-authentication-2_0.html"><b>HTML</b></a>).<o:p></o:p></span></p>
  </td>
 </tr>
 <tr style='mso-yfti-irow:1'>
  <td valign=top style='padding:.75pt .75pt .75pt .75pt'>
  <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><a
  name=OpenID.Core><b><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";
  mso-fareast-font-family:"Times New Roman";color:black'>[OpenID.Core]</span></b></a><span
  style='font-size:10.0pt;font-family:"Verdana","sans-serif";mso-fareast-font-family:
  "Times New Roman";color:black'><o:p></o:p></span></p>
  </td>
  <td style='padding:.75pt .75pt .75pt .75pt'>
  <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
  style='font-size:10.0pt;font-family:"Verdana","sans-serif";mso-fareast-font-family:
  "Times New Roman";color:black'>Sakimura, N., Bradley, J., Jones, M., de
  Medeiros, B., and C. Mortimore,  <a
  href="http://openid.net/specs/openid-connect-core-1_0.html"><b>OpenID Connect
  Core 1.0</b></a>,  February&nbsp;2014.<o:p></o:p></span></p>
  </td>
 </tr>
 <tr style='mso-yfti-irow:2'>
  <td valign=top style='padding:.75pt .75pt .75pt .75pt'>
  <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><a name=RFC2119><b><span
  style='font-size:10.0pt;font-family:"Verdana","sans-serif";mso-fareast-font-family:
  "Times New Roman";color:black'>[RFC2119]</span></b></a><span
  style='font-size:10.0pt;font-family:"Verdana","sans-serif";mso-fareast-font-family:
  "Times New Roman";color:black'><o:p></o:p></span></p>
  </td>
  <td style='padding:.75pt .75pt .75pt .75pt'>
  <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
  style='font-size:10.0pt;font-family:"Verdana","sans-serif";mso-fareast-font-family:
  "Times New Roman";color:black'><a href="mailto:sob@harvard.edu"><b>Bradner,
  S.</b></a>,  <a href="http://tools.ietf.org/html/rfc2119"><b>Key words for
  use in RFCs to Indicate Requirement Levels</b></a>,  BCP&nbsp;14,
  RFC&nbsp;2119, March&nbsp;1997 (<a
  href="http://www.rfc-editor.org/rfc/rfc2119.txt"><b>TXT</b></a>, <a
  href="http://xml.resource.org/public/rfc/html/rfc2119.html"><b>HTML</b></a>, <a
  href="http://xml.resource.org/public/rfc/xml/rfc2119.xml"><b>XML</b></a>).<o:p></o:p></span></p>
  </td>
 </tr>
 <tr style='mso-yfti-irow:3;mso-yfti-lastrow:yes'>
  <td valign=top style='padding:.75pt .75pt .75pt .75pt'>
  <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><a name=RFC6749><b><span
  style='font-size:10.0pt;font-family:"Verdana","sans-serif";mso-fareast-font-family:
  "Times New Roman";color:black'>[RFC6749]</span></b></a><span
  style='font-size:10.0pt;font-family:"Verdana","sans-serif";mso-fareast-font-family:
  "Times New Roman";color:black'><o:p></o:p></span></p>
  </td>
  <td style='padding:.75pt .75pt .75pt .75pt'>
  <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
  style='font-size:10.0pt;font-family:"Verdana","sans-serif";mso-fareast-font-family:
  "Times New Roman";color:black'>Hardt, D.,  <a
  href="http://tools.ietf.org/html/rfc6749"><b>The OAuth 2.0 Authorization
  Framework</b></a>,  RFC&nbsp;6749, October&nbsp;2012 (<a
  href="http://www.rfc-editor.org/rfc/rfc6749.txt"><b>TXT</b></a>).<o:p></o:p></span></p>
  </td>
 </tr>
</table>

<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><a
name=rfc.references2></a><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'><o:p>&nbsp;</o:p></span></p>

<div class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
text-align:center'><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'>

<hr size=1 width="100%" align=center>

</span></div>

<table class=MsoNormalTable border=0 cellpadding=0 summary=layout align=right
 width=30 style='width:22.5pt;mso-cellspacing:1.5pt;mso-yfti-tbllook:1184;
 mso-table-lspace:2.25pt;mso-table-rspace:2.25pt;mso-table-anchor-vertical:
 paragraph;mso-table-anchor-horizontal:column;mso-table-left:right;mso-table-top:
 middle;mso-padding-alt:0in 0in 0in 0in'>
 <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes;mso-yfti-lastrow:yes;
  height:11.25pt'>
  <td width=30 style='width:22.5pt;background:#990000;padding:0in 0in 0in 0in;
  height:11.25pt'>
  <p class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
  text-align:center;mso-line-height-alt:11.25pt;mso-element:frame;mso-element-frame-hspace:
  2.25pt;mso-element-wrap:around;mso-element-anchor-vertical:paragraph;
  mso-element-anchor-horizontal:column;mso-element-left:right;mso-element-top:
  middle;mso-height-rule:exactly'><span style='font-family:"Verdana","sans-serif";
  mso-fareast-font-family:"Times New Roman";color:white'><a href="#toc"><b><span
  style='font-size:10.0pt;font-family:Monaco;color:white;text-decoration:none;
  text-underline:none'>&nbsp;TOC&nbsp;</span></b></a><o:p></o:p></span></p>
  </td>
 </tr>
</table>

<h3><span lang=EN style='mso-fareast-font-family:"Times New Roman";mso-ansi-language:
EN'>12.2.&nbsp;Informative References<o:p></o:p></span></h3>

<table class=MsoNormalTable border=0 cellpadding=0 width="99%"
 style='width:99.0%;mso-cellspacing:1.5pt;mso-yfti-tbllook:1184'>
 <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes;mso-yfti-lastrow:yes'>
  <td valign=top style='padding:.75pt .75pt .75pt .75pt'>
  <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><a name=RFC6973><b><span
  style='font-size:10.0pt;font-family:"Verdana","sans-serif";mso-fareast-font-family:
  "Times New Roman";color:black'>[RFC6973]</span></b></a><span
  style='font-size:10.0pt;font-family:"Verdana","sans-serif";mso-fareast-font-family:
  "Times New Roman";color:black'><o:p></o:p></span></p>
  </td>
  <td style='padding:.75pt .75pt .75pt .75pt'>
  <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
  style='font-size:10.0pt;font-family:"Verdana","sans-serif";mso-fareast-font-family:
  "Times New Roman";color:black'>Cooper, A., Tschofenig, H., Aboba, B.,
  Peterson, J., Morris, J., Hansen, M., and R. Smith,  <a
  href="http://tools.ietf.org/html/rfc6973"><b>Privacy Considerations for
  Internet Protocols</b></a>,  RFC&nbsp;6973, July&nbsp;2013 (<a
  href="http://www.rfc-editor.org/rfc/rfc6973.txt"><b>TXT</b></a>).<o:p></o:p></span></p>
  </td>
 </tr>
</table>

<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><a name=anchor11></a><span
lang=EN style='font-family:"Verdana","sans-serif";mso-fareast-font-family:"Times New Roman";
color:black;mso-ansi-language:EN'><o:p>&nbsp;</o:p></span></p>

<div class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
text-align:center'><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'>

<hr size=1 width="100%" align=center>

</span></div>

<table class=MsoNormalTable border=0 cellpadding=0 summary=layout align=right
 width=30 style='width:22.5pt;mso-cellspacing:1.5pt;mso-yfti-tbllook:1184;
 mso-table-lspace:2.25pt;mso-table-rspace:2.25pt;mso-table-anchor-vertical:
 paragraph;mso-table-anchor-horizontal:column;mso-table-left:right;mso-table-top:
 middle;mso-padding-alt:0in 0in 0in 0in'>
 <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes;mso-yfti-lastrow:yes;
  height:11.25pt'>
  <td width=30 style='width:22.5pt;background:#990000;padding:0in 0in 0in 0in;
  height:11.25pt'>
  <p class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
  text-align:center;mso-line-height-alt:11.25pt;mso-element:frame;mso-element-frame-hspace:
  2.25pt;mso-element-wrap:around;mso-element-anchor-vertical:paragraph;
  mso-element-anchor-horizontal:column;mso-element-left:right;mso-element-top:
  middle;mso-height-rule:exactly'><span style='font-family:"Verdana","sans-serif";
  mso-fareast-font-family:"Times New Roman";color:white'><a href="#toc"><b><span
  style='font-size:10.0pt;font-family:Monaco;color:white;text-decoration:none;
  text-underline:none'>&nbsp;TOC&nbsp;</span></b></a><o:p></o:p></span></p>
  </td>
 </tr>
</table>

<h3><a name=rfc.section.A></a><span lang=EN style='mso-fareast-font-family:
"Times New Roman";mso-ansi-language:EN'>Appendix A.&nbsp; Sequence Diagrams<o:p></o:p></span></h3>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>Migration Sequence Diagram for Implicit Flow <o:p></o:p></span></p>

<div style='margin-left:.5in;display:table'><pre><span lang=EN
style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>      </span>+----+<span style='mso-spacerun:yes'>  </span>+----------+<span style='mso-spacerun:yes'>   </span>+--------------+ +---------+<span style='mso-spacerun:yes'>  </span>+----------+<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>      </span>| UA |<span style='mso-spacerun:yes'>  </span>| Resource |<span style='mso-spacerun:yes'>   </span>| Redirect URI | | AuthzEP |<span style='mso-spacerun:yes'>  </span>|OpenID2URI|<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>      </span>+-+--+<span style='mso-spacerun:yes'>  </span>+----+-----+<span style='mso-spacerun:yes'>   </span>+-----+--------+ +---+-----+<span style='mso-spacerun:yes'>  </span>+-----+----+<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>   </span>Click|Authn Link|<span style='mso-spacerun:yes'>               </span>|<span style='mso-spacerun:yes'>              </span>|<span style='mso-spacerun:yes'>              </span>|<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>        </span>+--------&gt; |<span style='mso-spacerun:yes'>               </span>|<span style='mso-spacerun:yes'>              </span>|<span style='mso-spacerun:yes'>              </span>|<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>       </span><span style='mso-spacerun:yes'> </span>|Authn Req |<span style='mso-spacerun:yes'>               </span>|<span style='mso-spacerun:yes'>              </span>|<span style='mso-spacerun:yes'>              </span>|<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>        </span>| &lt;--------+<span style='mso-spacerun:yes'>               </span>|<span style='mso-spacerun:yes'>              </span>|<span style='mso-spacerun:yes'>              </span>|<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>        </span>|<span style='mso-spacerun:yes'>          </span>| Authn Req<span style='mso-spacerun:yes'>     </span>|<span style='mso-spacerun:yes'>              </span>|<span style='mso-spacerun:yes'>              </span>|<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>        </span>+---------------------------------------&gt; |<span style='mso-spacerun:yes'>           </span><span style='mso-spacerun:yes'>   </span>|<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'>+----+----------------------------------------------------------------+<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'>|OPT |<span style='mso-spacerun:yes'>  </span>|<span style='mso-spacerun:yes'>          </span>| Authn Page<span style='mso-spacerun:yes'>    </span>|<span style='mso-spacerun:yes'>              </span>|<span style='mso-spacerun:yes'>              </span>|<span style='mso-spacerun:yes'>    </span>|<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'>+----+<span style='mso-spacerun:yes'>  </span>| &lt;---------------------------------------+<span style='mso-spacerun:yes'>              </span>|<span style='mso-spacerun:yes'>    </span>|<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'>|<span style='mso-spacerun:yes'>       </span>|<span style='mso-spacerun:yes'>          </span>| Credential<span style='mso-spacerun:yes'>    </span>|<span style='mso-spacerun:yes'>              </span>|<span style='mso-spacerun:yes'>              </span>|<span style='mso-spacerun:yes'>    </span>|<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'>|<span style='mso-spacerun:yes'>       </span>+---------------------------------------&gt; |<span style='mso-spacerun:yes'>              </span>|<span style='mso-spacerun:yes'>    </span>|<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'>+---------------------------------------------------------------------+<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>        </span>|<span style='mso-spacerun:yes'>          </span>|302 to RedirectURI<span style='mso-spacerun:yes'>            </span>|<span style='mso-spacerun:yes'>              </span>|<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>        </span>| &lt;------------------------+--------------+<span style='mso-spacerun:yes'>              </span>|<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>        </span>|<span style='mso-spacerun:yes'>          </span>|ID Token<span style='mso-spacerun:yes'>       </span>|<span style='mso-spacerun:yes'>              </span>|<span style='mso-spacerun:yes'>              </span>|<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>        </span>+------------------------&gt; |<span style='mso-spacerun:yes'>              </span>|<span style='mso-spacerun:yes'>              </span>|<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>        </span>|<span style='mso-spacerun:yes'>          </span>|<span style='mso-spacerun:yes'>               </span>|------+<span style='mso-spacerun:yes'>       </span>|<span style='mso-spacerun:yes'>            </span><span style='mso-spacerun:yes'>  </span>|<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>        </span>|<span style='mso-spacerun:yes'>          </span>|Get OpenID2URI |<span style='mso-spacerun:yes'>      </span>|<span style='mso-spacerun:yes'>       </span>|<span style='mso-spacerun:yes'>              </span>|<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>        </span>|<span style='mso-spacerun:yes'>          </span>|from ID Token<span style='mso-spacerun:yes'>  </span>| &lt;----+<span style='mso-spacerun:yes'>       </span>|<span style='mso-spacerun:yes'>              </span>|<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>        </span>|<span style='mso-spacerun:yes'>          </span>|<span style='mso-spacerun:yes'>               </span>| GET w/Accept: application/json<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>        </span>|<span style='mso-spacerun:yes'>          </span>|<span style='mso-spacerun:yes'>               </span>+---------------------------&gt; |<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>        </span>|<span style='mso-spacerun:yes'>          </span>|<span style='mso-spacerun:yes'>               </span>| iss in JSON<span style='mso-spacerun:yes'>                 </span>|<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>        </span>|<span style='mso-spacerun:yes'>          </span>|<span style='mso-spacerun:yes'>               </span>| &lt;------------+--------------+<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>        </span>|<span style='mso-spacerun:yes'>          </span>|<span style='mso-spacerun:yes'>               </span>|<span style='mso-spacerun:yes'>              </span>|<span style='mso-spacerun:yes'>              </span>|<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>      </span>+-+--+<span style='mso-spacerun:yes'>  </span>+----+-----+<span style='mso-spacerun:yes'>  </span>+------+-------+ +----+----+<span style='mso-spacerun:yes'>  </span>+------+---+<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>      </span>| UA |<span style='mso-spacerun:yes'>  </span>| Resource |<span style='mso-spacerun:yes'>  </span>| Redirect URI | | AuthzEP |<span style='mso-spacerun:yes'>  </span>|OpenID2URI|<o:p></o:p></span></pre><pre><span
lang=EN style='mso-ansi-language:EN'><span style='mso-spacerun:yes'>      </span>+----+<span style='mso-spacerun:yes'>  </span>+----------+<span style='mso-spacerun:yes'>  </span>+--------------+ +---------+<span style='mso-spacerun:yes'>  </span>+----------+<o:p></o:p></span></pre></div>

<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><a name=anchor12></a><span
lang=EN style='font-family:"Verdana","sans-serif";mso-fareast-font-family:"Times New Roman";
color:black;mso-ansi-language:EN'><o:p>&nbsp;</o:p></span></p>

<div class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
text-align:center'><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'>

<hr size=1 width="100%" align=center>

</span></div>

<table class=MsoNormalTable border=0 cellpadding=0 summary=layout align=right
 width=30 style='width:22.5pt;mso-cellspacing:1.5pt;mso-yfti-tbllook:1184;
 mso-table-lspace:2.25pt;mso-table-rspace:2.25pt;mso-table-anchor-vertical:
 paragraph;mso-table-anchor-horizontal:column;mso-table-left:right;mso-table-top:
 middle;mso-padding-alt:0in 0in 0in 0in'>
 <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes;mso-yfti-lastrow:yes;
  height:11.25pt'>
  <td width=30 style='width:22.5pt;background:#990000;padding:0in 0in 0in 0in;
  height:11.25pt'>
  <p class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
  text-align:center;mso-line-height-alt:11.25pt;mso-element:frame;mso-element-frame-hspace:
  2.25pt;mso-element-wrap:around;mso-element-anchor-vertical:paragraph;
  mso-element-anchor-horizontal:column;mso-element-left:right;mso-element-top:
  middle;mso-height-rule:exactly'><span style='font-family:"Verdana","sans-serif";
  mso-fareast-font-family:"Times New Roman";color:white'><a href="#toc"><b><span
  style='font-size:10.0pt;font-family:Monaco;color:white;text-decoration:none;
  text-underline:none'>&nbsp;TOC&nbsp;</span></b></a><o:p></o:p></span></p>
  </td>
 </tr>
</table>

<h3><a name=rfc.section.B></a><span lang=EN style='mso-fareast-font-family:
"Times New Roman";mso-ansi-language:EN'>Appendix B.&nbsp; Difference to
Google s migration guide as of June 3, 2014 <o:p></o:p></span></h3>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>In this appendix, the differences between this spec and <span
class=msoDel><del cite="mailto:Mike%20Jones" datetime="2014-08-08T17:40">the </del></span>Google s
migration guide as of June 3, 2014 <span class=msoDel><del
cite="mailto:Mike%20Jones" datetime="2014-08-08T17:40">is </del></span><a
style='mso-comment-reference:mbj_31;mso-comment-date:20140808T1744'><span
class=msoIns><ins cite="mailto:Mike%20Jones" datetime="2014-08-08T17:40">are </ins></span></a></span><span
class=MsoCommentReference><span style='font-size:8.0pt'><span class=msoIns><ins
cite="mailto:Mike%20Jones" datetime="2014-08-08T17:40"><![if !supportAnnotations]><a
class=msocomanchor id="_anchor_31"
onmouseover="msoCommentShow('_anchor_31','_com_31')"
onmouseout="msoCommentHide('_com_31')" href="#_msocom_31" language=JavaScript
name="_msoanchor_31"><u><font color=teal>[mbj31]</font></u></a><![endif]><span
style='mso-special-character:comment'>&nbsp;</span></ins></span></span></span><span
lang=EN style='font-family:"Verdana","sans-serif";color:black;mso-ansi-language:
EN'>explained. The differences are categorized in accordance with the section
number of this specification. Google's migration guide is available at <a
href="https://developers.google.com/accounts/docs/OpenID#openid-connect"><b>Migrating
to OAuth 2.0 login (OpenID Connect)</b></a>. <o:p></o:p></span></p>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'><a href="#RequestOpenid2Id"><b><span style='text-decoration:
none;text-underline:none'>2<span style='display:none;mso-hide:all'> (Requesting
the OpenID 2.0 Identifier and Connect iss/sub pair together)</span></span></b></a>.
<a href="#RequestOpenid2Id"><b><span style='text-decoration:none;text-underline:
none'>Requesting the OpenID 2.0 Identifier and Connect iss/sub pair together<span
style='display:none;mso-hide:all'> (Requesting the OpenID 2.0 Identifier and
Connect iss/sub pair together)</span></span></b></a> <o:p></o:p></span></p>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>Google uses </span><tt><span lang=EN style='mso-ansi-language:
EN'>openid.realm</span></tt><span lang=EN style='font-family:"Verdana","sans-serif";
color:black;mso-ansi-language:EN'> instead. Since OpenID Connect uses
param_name style instead of </span><tt><span lang=EN style='mso-ansi-language:
EN'>param.name</span></tt><span lang=EN style='font-family:"Verdana","sans-serif";
color:black;mso-ansi-language:EN'>, as well as the name </span><tt><span
lang=EN style='mso-ansi-language:EN'>openid.realm</span></tt><span lang=EN
style='font-family:"Verdana","sans-serif";color:black;mso-ansi-language:EN'>
may mislead the user that it is a Connect parameter proper, it has been changed
to </span><tt><span lang=EN style='mso-ansi-language:EN'>openid2_realm</span></tt><span
lang=EN style='font-family:"Verdana","sans-serif";color:black;mso-ansi-language:
EN'>. <o:p></o:p></span></p>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>Google uses the existence of </span><tt><span lang=EN
style='mso-ansi-language:EN'>openid.realm</span></tt><span lang=EN
style='font-family:"Verdana","sans-serif";color:black;mso-ansi-language:EN'>
parameter to switch the behavior at the Connect OP. New scope value </span><tt><span
lang=EN style='mso-ansi-language:EN'>openid2</span></tt><span lang=EN
style='font-family:"Verdana","sans-serif";color:black;mso-ansi-language:EN'>
has been introduced in this spec to make it more explicit and semantically
in-line that it is asking for a resource. <o:p></o:p></span></p>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'><a href="#VerifyRP"><b><span style='text-decoration:none;
text-underline:none'>3<span style='display:none;mso-hide:all'> (Verification of
the Relying Party by the OP)</span></span></b></a>. <a href="#VerifyRP"><b><span
style='text-decoration:none;text-underline:none'>Verification of the Relying
Party by the OP<span style='display:none;mso-hide:all'> (Verification of the
Relying Party by the OP)</span></span></b></a> <o:p></o:p></span></p>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>Google does not perform RP verification. <o:p></o:p></span></p>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'><a href="#ReturnOpenID2ID"><b><span style='text-decoration:
none;text-underline:none'>4<span style='display:none;mso-hide:all'> (Returning
the OpenID 2.0 Identifier)</span></span></b></a>. <a href="#ReturnOpenID2ID"><b><span
style='text-decoration:none;text-underline:none'>Returning the OpenID 2.0
Identifier<span style='display:none;mso-hide:all'> (Returning the OpenID 2.0
Identifier)</span></span></b></a> <o:p></o:p></span></p>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>Google uses<span class=msoIns><ins
cite="mailto:Mike%20Jones" datetime="2014-08-08T17:40"> the scope value</ins></span>
</span><tt><span lang=EN style='mso-ansi-language:EN'>openid_id</span></tt><span
lang=EN style='font-family:"Verdana","sans-serif";color:black;mso-ansi-language:
EN'> instead of </span><tt><span lang=EN style='mso-ansi-language:EN'>openid2_id</span></tt><span
lang=EN style='font-family:"Verdana","sans-serif";color:black;mso-ansi-language:
EN'> . It was changed to </span><tt><span lang=EN style='mso-ansi-language:
EN'>openid2_id</span></tt><span lang=EN style='font-family:"Verdana","sans-serif";
color:black;mso-ansi-language:EN'> because </span><tt><span lang=EN
style='mso-ansi-language:EN'>openid_id</span></tt><span lang=EN
style='font-family:"Verdana","sans-serif";color:black;mso-ansi-language:EN'>
may cause confusion among people that it is the Connect identifier. Since this
spec allows providing </span><tt><span lang=EN style='mso-ansi-language:EN'>openid2_id</span></tt><span
lang=EN style='font-family:"Verdana","sans-serif";color:black;mso-ansi-language:
EN'> even after the OpenID 2.0 OP has been taken down, this claim may persists
much longer than the OpenID 2.0 OP. Thus, the chance of confusion should be
minimized. <o:p></o:p></span></p>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>Google does not take care of XRI while this standard
does. <o:p></o:p></span></p>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'><a href="#VerifyOPAuthority"><b><span style='text-decoration:
none;text-underline:none'>6<span style='display:none;mso-hide:all'>
(Verification of the authoritativeness of the Connect OP)</span></span></b></a>.
<a href="#VerifyOPAuthority"><b><span style='text-decoration:none;text-underline:
none'>Verification of the authoritativeness of the Connect OP<span
style='display:none;mso-hide:all'> (Verification of the authoritativeness of
the Connect OP)</span></span></b></a> <o:p></o:p></span></p>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>Google does not perform authority verification. <o:p></o:p></span></p>

<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><a
name=Acknowledgements></a><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'><o:p>&nbsp;</o:p></span></p>

<div class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
text-align:center'><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'>

<hr size=1 width="100%" align=center>

</span></div>

<table class=MsoNormalTable border=0 cellpadding=0 summary=layout align=right
 width=30 style='width:22.5pt;mso-cellspacing:1.5pt;mso-yfti-tbllook:1184;
 mso-table-lspace:2.25pt;mso-table-rspace:2.25pt;mso-table-anchor-vertical:
 paragraph;mso-table-anchor-horizontal:column;mso-table-left:right;mso-table-top:
 middle;mso-padding-alt:0in 0in 0in 0in'>
 <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes;mso-yfti-lastrow:yes;
  height:11.25pt'>
  <td width=30 style='width:22.5pt;background:#990000;padding:0in 0in 0in 0in;
  height:11.25pt'>
  <p class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
  text-align:center;mso-line-height-alt:11.25pt;mso-element:frame;mso-element-frame-hspace:
  2.25pt;mso-element-wrap:around;mso-element-anchor-vertical:paragraph;
  mso-element-anchor-horizontal:column;mso-element-left:right;mso-element-top:
  middle;mso-height-rule:exactly'><span style='font-family:"Verdana","sans-serif";
  mso-fareast-font-family:"Times New Roman";color:white'><a href="#toc"><b><span
  style='font-size:10.0pt;font-family:Monaco;color:white;text-decoration:none;
  text-underline:none'>&nbsp;TOC&nbsp;</span></b></a><o:p></o:p></span></p>
  </td>
 </tr>
</table>

<h3><a name=rfc.section.C></a><span lang=EN style='mso-fareast-font-family:
"Times New Roman";mso-ansi-language:EN'>Appendix C.&nbsp; Acknowledgements<o:p></o:p></span></h3>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>In addition to the authors, the OpenID Community would
like to thank the following people for their contributions to this
specification: <o:p></o:p></span></p>

<blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>Breno de Medeiros (breno@google.com), Google <o:p></o:p></span></p>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>Ryo Ito (ryo.ito@mixi.co.jp), mixi, Inc. <o:p></o:p></span></p>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>Michael B. Jones (mbj@microsoft.com), Microsoft <o:p></o:p></span></p>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>Nov Matake (nov@matake.jp), Independent <o:p></o:p></span></p>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>Allan Foster<a style='mso-comment-reference:mbj_32;
mso-comment-date:20140808T1744'><span class=msoIns><ins cite="mailto:Mike%20Jones"
datetime="2014-08-08T17:41"> </ins></span></a></span><span
class=MsoCommentReference><span style='font-size:8.0pt'><span class=msoIns><ins
cite="mailto:Mike%20Jones" datetime="2014-08-08T17:41"><![if !supportAnnotations]><a
class=msocomanchor id="_anchor_32"
onmouseover="msoCommentShow('_anchor_32','_com_32')"
onmouseout="msoCommentHide('_com_32')" href="#_msocom_32" language=JavaScript
name="_msoanchor_32"><u><font color=teal>[mbj32]</font></u></a><![endif]><span
style='mso-special-character:comment'>&nbsp;</span></ins></span></span></span><span
lang=EN style='font-family:"Verdana","sans-serif";color:black;mso-ansi-language:
EN'>(allan.foster@forgerock.com), ForgeRock <o:p></o:p></span></p>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>Chuck Mortimore (cmortimore@salesforce.com), Salesforce <o:p></o:p></span></p>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>Torsten Lodderstedt (torsten@lodderstedt.net), <a
style='mso-comment-reference:mbj_33;mso-comment-date:20140808T1744'>Deut<span
class=msoIns><ins cite="mailto:Mike%20Jones" datetime="2014-08-08T17:41">s</ins></span>che
</a></span><span class=MsoCommentReference><span style='font-size:8.0pt'><![if !supportAnnotations]><a
class=msocomanchor id="_anchor_33"
onmouseover="msoCommentShow('_anchor_33','_com_33')"
onmouseout="msoCommentHide('_com_33')" href="#_msocom_33" language=JavaScript
name="_msoanchor_33">[mbj33]</a><![endif]><span style='mso-special-character:
comment'>&nbsp;</span></span></span><span lang=EN style='font-family:"Verdana","sans-serif";
color:black;mso-ansi-language:EN'>Telekom <o:p></o:p></span></p>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>Justin Richer (jricher@mitre.org), <a style='mso-comment-reference:
mbj_34;mso-comment-date:20140808T1751'><span class=msoDel><del
cite="mailto:Mike%20Jones" datetime="2014-08-08T17:51">Mitre </del></span></a></span><span
class=MsoCommentReference><span style='font-size:8.0pt'><![if !supportAnnotations]><a
class=msocomanchor id="_anchor_34"
onmouseover="msoCommentShow('_anchor_34','_com_34')"
onmouseout="msoCommentHide('_com_34')" href="#_msocom_34" language=JavaScript
name="_msoanchor_34">[mbj34]</a><![endif]><span style='mso-special-character:
comment'>&nbsp;</span></span></span><span lang=EN style='font-family:"Verdana","sans-serif";
color:black;mso-ansi-language:EN'><span class=msoIns><ins
cite="mailto:Mike%20Jones" datetime="2014-08-08T17:51">MITRE </ins></span>Corporation
<o:p></o:p></span></p>

</blockquote>

<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><a name=Notices></a><span
lang=EN style='font-family:"Verdana","sans-serif";mso-fareast-font-family:"Times New Roman";
color:black;mso-ansi-language:EN'><o:p>&nbsp;</o:p></span></p>

<div class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
text-align:center'><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'>

<hr size=1 width="100%" align=center>

</span></div>

<table class=MsoNormalTable border=0 cellpadding=0 summary=layout align=right
 width=30 style='width:22.5pt;mso-cellspacing:1.5pt;mso-yfti-tbllook:1184;
 mso-table-lspace:2.25pt;mso-table-rspace:2.25pt;mso-table-anchor-vertical:
 paragraph;mso-table-anchor-horizontal:column;mso-table-left:right;mso-table-top:
 middle;mso-padding-alt:0in 0in 0in 0in'>
 <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes;mso-yfti-lastrow:yes;
  height:11.25pt'>
  <td width=30 style='width:22.5pt;background:#990000;padding:0in 0in 0in 0in;
  height:11.25pt'>
  <p class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
  text-align:center;mso-line-height-alt:11.25pt;mso-element:frame;mso-element-frame-hspace:
  2.25pt;mso-element-wrap:around;mso-element-anchor-vertical:paragraph;
  mso-element-anchor-horizontal:column;mso-element-left:right;mso-element-top:
  middle;mso-height-rule:exactly'><span style='font-family:"Verdana","sans-serif";
  mso-fareast-font-family:"Times New Roman";color:white'><a href="#toc"><b><span
  style='font-size:10.0pt;font-family:Monaco;color:white;text-decoration:none;
  text-underline:none'>&nbsp;TOC&nbsp;</span></b></a><o:p></o:p></span></p>
  </td>
 </tr>
</table>

<h3><a name=rfc.section.D></a><span lang=EN style='mso-fareast-font-family:
"Times New Roman";mso-ansi-language:EN'>Appendix D.&nbsp; Notices<o:p></o:p></span></h3>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>Copyright (c) 2014 The OpenID Foundation. <o:p></o:p></span></p>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>The OpenID Foundation (OIDF) grants to any Contributor,
developer, implementer, or other interested party a non-exclusive, royalty
free, worldwide copyright license to reproduce, prepare derivative works from,
distribute, perform and display, this Implementers Draft or Final Specification
solely for the purposes of (i) developing specifications, and (ii) implementing
Implementers Drafts and Final Specifications based on such documents, provided
that attribution be made to the OIDF as the source of the material, but that
such attribution does not indicate an endorsement by the OIDF. <o:p></o:p></span></p>

<p><span lang=EN style='font-family:"Verdana","sans-serif";color:black;
mso-ansi-language:EN'>The technology described in this specification was made
available from contributions from various sources, including members of the
OpenID Foundation and others. Although the OpenID Foundation has taken steps to
help ensure that the technology is available for distribution, it takes no
position regarding the validity or scope of any intellectual property or other
rights that might be claimed to pertain to the implementation or use of the
technology described in this specification or the extent to which any license
under such rights might or might not be available; neither does it represent
that it has made any independent effort to identify any such rights. The OpenID
Foundation and the contributors to this specification make no (and hereby
expressly disclaim any) warranties (express, implied, or otherwise), including
implied warranties of merchantability, non-infringement, fitness for a
particular purpose, or title, related to this specification, and the entire
risk as to implementing this specification is assumed by the implementer. The
OpenID Intellectual Property Rights policy requires contributors to offer a
patent promise not to assert certain patent claims against other contributors
and against implementers. The OpenID Foundation invites any interested party to
bring to its attention any copyrights, patents, patent applications, or other
proprietary rights that may cover technology that may be required to practice
this specification. <o:p></o:p></span></p>

<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><a
name=rfc.authors></a><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'><o:p>&nbsp;</o:p></span></p>

<div class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
text-align:center'><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'>

<hr size=1 width="100%" align=center>

</span></div>

<table class=MsoNormalTable border=0 cellpadding=0 summary=layout align=right
 width=30 style='width:22.5pt;mso-cellspacing:1.5pt;mso-yfti-tbllook:1184;
 mso-table-lspace:2.25pt;mso-table-rspace:2.25pt;mso-table-anchor-vertical:
 paragraph;mso-table-anchor-horizontal:column;mso-table-left:right;mso-table-top:
 middle;mso-padding-alt:0in 0in 0in 0in'>
 <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes;mso-yfti-lastrow:yes;
  height:11.25pt'>
  <td width=30 style='width:22.5pt;background:#990000;padding:0in 0in 0in 0in;
  height:11.25pt'>
  <p class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
  text-align:center;mso-line-height-alt:11.25pt;mso-element:frame;mso-element-frame-hspace:
  2.25pt;mso-element-wrap:around;mso-element-anchor-vertical:paragraph;
  mso-element-anchor-horizontal:column;mso-element-left:right;mso-element-top:
  middle;mso-height-rule:exactly'><span style='font-family:"Verdana","sans-serif";
  mso-fareast-font-family:"Times New Roman";color:white'><a href="#toc"><b><span
  style='font-size:10.0pt;font-family:Monaco;color:white;text-decoration:none;
  text-underline:none'>&nbsp;TOC&nbsp;</span></b></a><o:p></o:p></span></p>
  </td>
 </tr>
</table>

<h3><span lang=EN style='mso-fareast-font-family:"Times New Roman";mso-ansi-language:
EN'>Authors' Addresses<o:p></o:p></span></h3>

<table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0 width="99%"
 style='width:99.0%;mso-cellspacing:0in;mso-yfti-tbllook:1184;mso-padding-alt:
 0in 0in 0in 0in'>
 <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes'>
  <td style='padding:0in 0in 0in 0in'>
  <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
  style='font-size:10.0pt;font-family:"Verdana","sans-serif";mso-fareast-font-family:
  "Times New Roman";color:black'>&nbsp;<o:p></o:p></span></p>
  </td>
  <td style='padding:0in 0in 0in 0in'>
  <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
  style='font-size:10.0pt;font-family:"Verdana","sans-serif";mso-fareast-font-family:
  "Times New Roman";color:black'>Nat Sakimura<o:p></o:p></span></p>
  </td>
 </tr>
 <tr style='mso-yfti-irow:1'>
  <td style='padding:0in 0in 0in 0in'>
  <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
  style='font-size:10.0pt;font-family:"Verdana","sans-serif";mso-fareast-font-family:
  "Times New Roman";color:black'>&nbsp;<o:p></o:p></span></p>
  </td>
  <td style='padding:0in 0in 0in 0in'>
  <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
  style='font-size:10.0pt;font-family:"Verdana","sans-serif";mso-fareast-font-family:
  "Times New Roman";color:black'>Nomura Research Institute, Ltd.<o:p></o:p></span></p>
  </td>
 </tr>
 <tr style='mso-yfti-irow:2'>
  <td style='padding:0in 0in 0in 0in'>
  <p class=MsoNormal align=right style='margin-top:0in;margin-right:0in;
  margin-bottom:0in;margin-left:48.0pt;margin-bottom:.0001pt;text-align:right'><b><span
  style='font-size:10.0pt;font-family:"Verdana","sans-serif";mso-fareast-font-family:
  "Times New Roman";color:black'>Email:&nbsp;<o:p></o:p></span></b></p>
  </td>
  <td style='padding:0in 0in 0in 0in'>
  <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
  style='font-size:10.0pt;font-family:"Verdana","sans-serif";mso-fareast-font-family:
  "Times New Roman";color:black'><a href="mailto:n-sakimura@nri.co.jp"><b>n-sakimura@nri.co.jp</b></a><o:p></o:p></span></p>
  </td>
 </tr>
 <tr style='mso-yfti-irow:3'>
  <td style='padding:0in 0in 0in 0in'>
  <p class=MsoNormal align=right style='margin-top:0in;margin-right:0in;
  margin-bottom:0in;margin-left:48.0pt;margin-bottom:.0001pt;text-align:right'><b><span
  style='font-size:10.0pt;font-family:"Verdana","sans-serif";mso-fareast-font-family:
  "Times New Roman";color:black'>URI:&nbsp;<o:p></o:p></span></b></p>
  </td>
  <td style='padding:0in 0in 0in 0in'>
  <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
  style='font-size:10.0pt;font-family:"Verdana","sans-serif";mso-fareast-font-family:
  "Times New Roman";color:black'><a href="http://nat.sakimura.org/"><b>http://nat.sakimura.org/</b></a><o:p></o:p></span></p>
  </td>
 </tr>
 <tr style='mso-yfti-irow:4' cellpadding=3>
  <td style='padding:0in 0in 0in 0in'>
  <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
  style='font-family:"Verdana","sans-serif";mso-fareast-font-family:"Times New Roman";
  color:black'>&nbsp;<o:p></o:p></span></p>
  </td>
  <td style='padding:0in 0in 0in 0in'>
  <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
  style='font-family:"Verdana","sans-serif";mso-fareast-font-family:"Times New Roman";
  color:black'>&nbsp;<o:p></o:p></span></p>
  </td>
 </tr>
 <tr style='mso-yfti-irow:5'>
  <td style='padding:0in 0in 0in 0in'>
  <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
  style='font-size:10.0pt;font-family:"Verdana","sans-serif";mso-fareast-font-family:
  "Times New Roman";color:black'>&nbsp;<o:p></o:p></span></p>
  </td>
  <td style='padding:0in 0in 0in 0in'>
  <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
  style='font-size:10.0pt;font-family:"Verdana","sans-serif";mso-fareast-font-family:
  "Times New Roman";color:black'>John Bradley<o:p></o:p></span></p>
  </td>
 </tr>
 <tr style='mso-yfti-irow:6'>
  <td style='padding:0in 0in 0in 0in'>
  <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
  style='font-size:10.0pt;font-family:"Verdana","sans-serif";mso-fareast-font-family:
  "Times New Roman";color:black'>&nbsp;<o:p></o:p></span></p>
  </td>
  <td style='padding:0in 0in 0in 0in'>
  <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
  style='font-size:10.0pt;font-family:"Verdana","sans-serif";mso-fareast-font-family:
  "Times New Roman";color:black'>Ping Identity<o:p></o:p></span></p>
  </td>
 </tr>
 <tr style='mso-yfti-irow:7'>
  <td style='padding:0in 0in 0in 0in'>
  <p class=MsoNormal align=right style='margin-top:0in;margin-right:0in;
  margin-bottom:0in;margin-left:48.0pt;margin-bottom:.0001pt;text-align:right'><b><span
  style='font-size:10.0pt;font-family:"Verdana","sans-serif";mso-fareast-font-family:
  "Times New Roman";color:black'>Email:&nbsp;<o:p></o:p></span></b></p>
  </td>
  <td style='padding:0in 0in 0in 0in'>
  <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
  style='font-size:10.0pt;font-family:"Verdana","sans-serif";mso-fareast-font-family:
  "Times New Roman";color:black'><a href="mailto:ve7jtb@ve7jtb.com"><b>ve7jtb@ve7jtb.com</b></a><o:p></o:p></span></p>
  </td>
 </tr>
 <tr style='mso-yfti-irow:8'>
  <td style='padding:0in 0in 0in 0in'>
  <p class=MsoNormal align=right style='margin-top:0in;margin-right:0in;
  margin-bottom:0in;margin-left:48.0pt;margin-bottom:.0001pt;text-align:right'><b><span
  style='font-size:10.0pt;font-family:"Verdana","sans-serif";mso-fareast-font-family:
  "Times New Roman";color:black'>URI:&nbsp;<o:p></o:p></span></b></p>
  </td>
  <td style='padding:0in 0in 0in 0in'>
  <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
  style='font-size:10.0pt;font-family:"Verdana","sans-serif";mso-fareast-font-family:
  "Times New Roman";color:black'><a href="http://www.thread-safe.com/"><b>http://www.thread-safe.com/</b></a><o:p></o:p></span></p>
  </td>
 </tr>
 <tr style='mso-yfti-irow:9' cellpadding=3>
  <td style='padding:0in 0in 0in 0in'>
  <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
  style='font-family:"Verdana","sans-serif";mso-fareast-font-family:"Times New Roman";
  color:black'>&nbsp;<o:p></o:p></span></p>
  </td>
  <td style='padding:0in 0in 0in 0in'>
  <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
  style='font-family:"Verdana","sans-serif";mso-fareast-font-family:"Times New Roman";
  color:black'>&nbsp;<o:p></o:p></span></p>
  </td>
 </tr>
 <tr style='mso-yfti-irow:10'>
  <td style='padding:0in 0in 0in 0in'>
  <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
  style='font-size:10.0pt;font-family:"Verdana","sans-serif";mso-fareast-font-family:
  "Times New Roman";color:black'>&nbsp;<o:p></o:p></span></p>
  </td>
  <td style='padding:0in 0in 0in 0in'>
  <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
  style='font-size:10.0pt;font-family:"Verdana","sans-serif";mso-fareast-font-family:
  "Times New Roman";color:black'><span class=msoDel><del
  cite="mailto:Mike%20Jones" datetime="2014-08-08T17:42">Naween </del></span><a
  style='mso-comment-reference:mbj_35;mso-comment-date:20140808T1744'><span
  class=msoIns><ins cite="mailto:Mike%20Jones" datetime="2014-08-08T17:42">Naveen
  </ins></span></a></span><span class=MsoCommentReference><span
  style='font-size:8.0pt'><span class=msoIns><ins cite="mailto:Mike%20Jones"
  datetime="2014-08-08T17:42"><![if !supportAnnotations]><a class=msocomanchor
  id="_anchor_35" onmouseover="msoCommentShow('_anchor_35','_com_35')"
  onmouseout="msoCommentHide('_com_35')" href="#_msocom_35"
  language=JavaScript name="_msoanchor_35"><u><font color=teal>[mbj35]</font></u></a><![endif]><span
  style='mso-special-character:comment'>&nbsp;</span></ins></span></span></span><span
  style='font-size:10.0pt;font-family:"Verdana","sans-serif";mso-fareast-font-family:
  "Times New Roman";color:black'>Agarwal<o:p></o:p></span></p>
  </td>
 </tr>
 <tr style='mso-yfti-irow:11'>
  <td style='padding:0in 0in 0in 0in'>
  <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
  style='font-size:10.0pt;font-family:"Verdana","sans-serif";mso-fareast-font-family:
  "Times New Roman";color:black'>&nbsp;<o:p></o:p></span></p>
  </td>
  <td style='padding:0in 0in 0in 0in'>
  <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
  style='font-size:10.0pt;font-family:"Verdana","sans-serif";mso-fareast-font-family:
  "Times New Roman";color:black'>Google<o:p></o:p></span></p>
  </td>
 </tr>
 <tr style='mso-yfti-irow:12'>
  <td style='padding:0in 0in 0in 0in'>
  <p class=MsoNormal align=right style='margin-top:0in;margin-right:0in;
  margin-bottom:0in;margin-left:48.0pt;margin-bottom:.0001pt;text-align:right'><b><span
  style='font-size:10.0pt;font-family:"Verdana","sans-serif";mso-fareast-font-family:
  "Times New Roman";color:black'>Email:&nbsp;<o:p></o:p></span></b></p>
  </td>
  <td style='padding:0in 0in 0in 0in'>
  <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
  style='font-size:10.0pt;font-family:"Verdana","sans-serif";mso-fareast-font-family:
  "Times New Roman";color:black'><a href="mailto:naa@google.com"><b>naa@google.com</b></a><o:p></o:p></span></p>
  </td>
 </tr>
 <tr style='mso-yfti-irow:13'>
  <td style='padding:0in 0in 0in 0in'>
  <p class=MsoNormal align=right style='margin-top:0in;margin-right:0in;
  margin-bottom:0in;margin-left:48.0pt;margin-bottom:.0001pt;text-align:right'><b><span
  style='font-size:10.0pt;font-family:"Verdana","sans-serif";mso-fareast-font-family:
  "Times New Roman";color:black'>URI:&nbsp;<o:p></o:p></span></b></p>
  </td>
  <td style='padding:0in 0in 0in 0in'>
  <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
  style='font-size:10.0pt;font-family:"Verdana","sans-serif";mso-fareast-font-family:
  "Times New Roman";color:black'><a href="http://www.google.com"><b>http://www.google.com</b></a><o:p></o:p></span></p>
  </td>
 </tr>
 <tr style='mso-yfti-irow:14' cellpadding=3>
  <td style='padding:0in 0in 0in 0in'>
  <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
  style='font-family:"Verdana","sans-serif";mso-fareast-font-family:"Times New Roman";
  color:black'>&nbsp;<o:p></o:p></span></p>
  </td>
  <td style='padding:0in 0in 0in 0in'>
  <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
  style='font-family:"Verdana","sans-serif";mso-fareast-font-family:"Times New Roman";
  color:black'>&nbsp;<o:p></o:p></span></p>
  </td>
 </tr>
 <tr style='mso-yfti-irow:15'>
  <td style='padding:0in 0in 0in 0in'>
  <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
  style='font-size:10.0pt;font-family:"Verdana","sans-serif";mso-fareast-font-family:
  "Times New Roman";color:black'>&nbsp;<o:p></o:p></span></p>
  </td>
  <td style='padding:0in 0in 0in 0in'>
  <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
  style='font-size:10.0pt;font-family:"Verdana","sans-serif";mso-fareast-font-family:
  "Times New Roman";color:black'>Edmund Jay<o:p></o:p></span></p>
  </td>
 </tr>
 <tr style='mso-yfti-irow:16'>
  <td style='padding:0in 0in 0in 0in'>
  <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
  style='font-size:10.0pt;font-family:"Verdana","sans-serif";mso-fareast-font-family:
  "Times New Roman";color:black'>&nbsp;<o:p></o:p></span></p>
  </td>
  <td style='padding:0in 0in 0in 0in'>
  <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
  style='font-size:10.0pt;font-family:"Verdana","sans-serif";mso-fareast-font-family:
  "Times New Roman";color:black'>Illumila<o:p></o:p></span></p>
  </td>
 </tr>
 <tr style='mso-yfti-irow:17'>
  <td style='padding:0in 0in 0in 0in'>
  <p class=MsoNormal align=right style='margin-top:0in;margin-right:0in;
  margin-bottom:0in;margin-left:48.0pt;margin-bottom:.0001pt;text-align:right'><b><span
  style='font-size:10.0pt;font-family:"Verdana","sans-serif";mso-fareast-font-family:
  "Times New Roman";color:black'>Email:&nbsp;<o:p></o:p></span></b></p>
  </td>
  <td style='padding:0in 0in 0in 0in'>
  <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
  style='font-size:10.0pt;font-family:"Verdana","sans-serif";mso-fareast-font-family:
  "Times New Roman";color:black'><a href="mailto:ejay@illumi.la"><b>ejay@illumi.la</b></a><o:p></o:p></span></p>
  </td>
 </tr>
 <tr style='mso-yfti-irow:18;mso-yfti-lastrow:yes'>
  <td style='padding:0in 0in 0in 0in'>
  <p class=MsoNormal align=right style='margin-top:0in;margin-right:0in;
  margin-bottom:0in;margin-left:48.0pt;margin-bottom:.0001pt;text-align:right'><b><span
  style='font-size:10.0pt;font-family:"Verdana","sans-serif";mso-fareast-font-family:
  "Times New Roman";color:black'>URI:&nbsp;<o:p></o:p></span></b></p>
  </td>
  <td style='padding:0in 0in 0in 0in'>
  <p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
  style='font-size:10.0pt;font-family:"Verdana","sans-serif";mso-fareast-font-family:
  "Times New Roman";color:black'><a href="http://illumi.la"><b>http://illumi.la</b></a><o:p></o:p></span></p>
  </td>
 </tr>
</table>

<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><a
name=rfc.copyright></a><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'><o:p>&nbsp;</o:p></span></p>

<div class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
text-align:center'><span lang=EN style='font-family:"Verdana","sans-serif";
mso-fareast-font-family:"Times New Roman";color:black;mso-ansi-language:EN'>

<hr size=1 width="100%" align=center>

</span></div>

<table class=MsoNormalTable border=0 cellpadding=0 summary=layout align=right
 width=30 style='width:22.5pt;mso-cellspacing:1.5pt;mso-yfti-tbllook:1184;
 mso-table-lspace:2.25pt;mso-table-rspace:2.25pt;mso-table-anchor-vertical:
 paragraph;mso-table-anchor-horizontal:column;mso-table-left:right;mso-table-top:
 middle;mso-padding-alt:0in 0in 0in 0in'>
 <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes;mso-yfti-lastrow:yes;
  height:11.25pt'>
  <td width=30 style='width:22.5pt;background:#990000;padding:0in 0in 0in 0in;
  height:11.25pt'>
  <p class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
  text-align:center;mso-line-height-alt:11.25pt;mso-element:frame;mso-element-frame-hspace:
  2.25pt;mso-element-wrap:around;mso-element-anchor-vertical:paragraph;
  mso-element-anchor-horizontal:column;mso-element-left:right;mso-element-top:
  middle;mso-height-rule:exactly'><span style='font-family:"Verdana","sans-serif";
  mso-fareast-font-family:"Times New Roman";color:white'><a href="#toc"><b><span
  style='font-size:10.0pt;font-family:Monaco;color:white;text-decoration:none;
  text-underline:none'>&nbsp;TOC&nbsp;</span></b></a><o:p></o:p></span></p>
  </td>
 </tr>
</table>

<h3><a style='mso-comment-reference:mbj_36;mso-comment-date:20140808T1744'><span
lang=EN style='mso-fareast-font-family:"Times New Roman";mso-ansi-language:
EN'>Full Copyright Statement<o:p></o:p></span></a></h3>

<p class=copyright><span style='mso-comment-continuation:36'><span lang=EN
style='font-family:"Verdana","sans-serif";color:black;mso-ansi-language:EN'>Copyright
© OpenID Foundation (2014). All Rights Reserved.<o:p></o:p></span></span></p>

<p class=copyright><span style='mso-comment-continuation:36'><span lang=EN
style='font-family:"Verdana","sans-serif";color:black;mso-ansi-language:EN'>The
OpenID Foundation (OIDF) grants to any Contributor, developer, implementer, or
other interested party a non-exclusive, royalty free, worldwide copyright
license to reproduce, prepare derivative works from, distribute, perform and
display, this Implementers Draft or Final Specification solely for the purposes
of (i) developing specifications, and (ii) implementing Implementers Drafts and
Final Specifications based on such documents, provided that attribution be made
to the OIDF as the source of the material, but that such attribution does not
indicate an endorsement by the OIDF.<o:p></o:p></span></span></p>

<p class=copyright><span style='mso-comment-continuation:36'><span lang=EN
style='font-family:"Verdana","sans-serif";color:black;mso-ansi-language:EN'>The
technology described in this specification was made available from
contributions from various sources, including members of the OpenID Foundation
and others. Although the OpenID Foundation has taken steps to help ensure that
the technology is available for distribution, it takes no position regarding
the validity or scope of any intellectual property or other rights that might
be claimed to pertain to the implementation or use of the technology described
in this specification or the extent to which any license under such rights
might or might not be available; neither does it represent that it has made any
independent effort to identify any such rights. The OpenID Foundation and the
contributors to this specification make no (and hereby expressly disclaim any)
warranties (express, implied, or otherwise), including implied warranties of
merchantability, non-infringement, fitness for a particular purpose, or title,
related to this specification, and the entire risk as to implementing this
specification is assumed by the implementer. The OpenID Intellectual Property
Rights policy requires contributors to offer a patent promise not to assert
certain patent claims against other contributors and against implementers. The
OpenID Foundation invites any interested party to bring to its attention any
copyrights, patents, patent applications, or other proprietary rights that may
cover technology that may be required to practice this specification.<o:p></o:p></span></span></p>

<h3><span style='mso-comment-continuation:36'><span lang=EN style='mso-fareast-font-family:
"Times New Roman";mso-ansi-language:EN'>Intellectual Property<o:p></o:p></span></span></h3>

<p class=copyright><span style='mso-comment-continuation:36'><span lang=EN
style='font-family:"Verdana","sans-serif";color:black;mso-ansi-language:EN'>For
OpenID Foundation's IPR Policy, refer to
http://openid.net/ipr/OpenID_IPR_Policy<span class=GramE>_(</span>Final_Clean_20071221).pdf</span></span><span
class=MsoCommentReference><span style='font-size:8.0pt'><![if !supportAnnotations]><a
class=msocomanchor id="_anchor_36"
onmouseover="msoCommentShow('_anchor_36','_com_36')"
onmouseout="msoCommentHide('_com_36')" href="#_msocom_36" language=JavaScript
name="_msoanchor_36">[mbj36]</a><![endif]><span style='mso-special-character:
comment'>&nbsp;</span></span></span><span lang=EN style='font-family:"Verdana","sans-serif";
color:black;mso-ansi-language:EN'><o:p></o:p></span></p>

</div>

<div style='mso-element:comment-list'><![if !supportAnnotations]>

<hr class=msocomoff align=left size=1 width="33%">

<![endif]>

<div style='mso-element:comment'><![if !supportAnnotations]>

<div id="_com_1" class=msocomtxt language=JavaScript
onmouseover="msoCommentShow('_anchor_1','_com_1')"
onmouseout="msoCommentHide('_com_1')"><![endif]><span style='mso-comment-author:
"Mike Jones"'><![if !supportAnnotations]><a name="_msocom_1"></a><![endif]></span>

<p class=MsoCommentText><span class=MsoCommentReference><span style='font-size:
8.0pt'><span style='mso-special-character:comment'>&nbsp;<![if !supportAnnotations]><a
href="#_msoanchor_1" class=msocomoff>[mbj1]</a><![endif]></span></span></span>We
should always use the term  OpenID Connect  and never abbreviate it to just  Connect .<span
style='mso-spacerun:yes'>  </span>It s our brand   let s use it correctly.<o:p></o:p></p>

<![if !supportAnnotations]></div>

<![endif]></div>

<div style='mso-element:comment'><![if !supportAnnotations]>

<div id="_com_2" class=msocomtxt language=JavaScript
onmouseover="msoCommentShow('_anchor_2','_com_2')"
onmouseout="msoCommentHide('_com_2')"><![endif]><span style='mso-comment-author:
"Mike Jones"'><![if !supportAnnotations]><a name="_msocom_2"></a><![endif]></span>

<p class=MsoCommentText><span class=MsoCommentReference><span style='font-size:
8.0pt'><span style='mso-special-character:comment'>&nbsp;<![if !supportAnnotations]><a
href="#_msoanchor_2" class=msocomoff>[mbj2]</a><![endif]></span></span></span>Put
quotation marks around claims names.<span style='mso-spacerun:yes'> 
</span>This should become  iss / sub .<span style='mso-spacerun:yes'>  </span>This
should be done for all other protocol literals as well.<o:p></o:p></p>

<![if !supportAnnotations]></div>

<![endif]></div>

<div style='mso-element:comment'><![if !supportAnnotations]>

<div id="_com_3" class=msocomtxt language=JavaScript
onmouseover="msoCommentShow('_anchor_3','_com_3')"
onmouseout="msoCommentHide('_com_3')"><![endif]><span style='mso-comment-author:
"Mike Jones"'><![if !supportAnnotations]><a name="_msocom_3"></a><![endif]></span>

<p class=MsoCommentText><span class=MsoCommentReference><span style='font-size:
8.0pt'><span style='mso-special-character:comment'>&nbsp;<![if !supportAnnotations]><a
href="#_msoanchor_3" class=msocomoff>[mbj3]</a><![endif]></span></span></span>Titles
need to be in title case, per English grammar rules.<span
style='mso-spacerun:yes'>  </span>Thus, the P and T must be capitalized.<o:p></o:p></p>

<![if !supportAnnotations]></div>

<![endif]></div>

<div style='mso-element:comment'><![if !supportAnnotations]>

<div id="_com_4" class=msocomtxt language=JavaScript
onmouseover="msoCommentShow('_anchor_4','_com_4')"
onmouseout="msoCommentHide('_com_4')"><![endif]><span style='mso-comment-author:
"Mike Jones"'><![if !supportAnnotations]><a name="_msocom_4"></a><![endif]></span>

<p class=MsoCommentText><span class=MsoCommentReference><span style='font-size:
8.0pt'><span style='mso-special-character:comment'>&nbsp;<![if !supportAnnotations]><a
href="#_msoanchor_4" class=msocomoff>[mbj4]</a><![endif]></span></span></span>It s
inconsistent to use Relying Party and OP together.<span
style='mso-spacerun:yes'>  </span>Spell both out.<o:p></o:p></p>

<![if !supportAnnotations]></div>

<![endif]></div>

<div style='mso-element:comment'><![if !supportAnnotations]>

<div id="_com_5" class=msocomtxt language=JavaScript
onmouseover="msoCommentShow('_anchor_5','_com_5')"
onmouseout="msoCommentHide('_com_5')"><![endif]><span style='mso-comment-author:
"Mike Jones"'><![if !supportAnnotations]><a name="_msocom_5"></a><![endif]></span>

<p class=MsoCommentText><span class=MsoCommentReference><span style='font-size:
8.0pt'><span style='mso-special-character:comment'>&nbsp;<![if !supportAnnotations]><a
href="#_msoanchor_5" class=msocomoff>[mbj5]</a><![endif]></span></span></span>This
draft has lots of &lt;title&gt; tags without anchor members, even though I
pointed this out in my -02 comments.<span style='mso-spacerun:yes'> 
</span>Please fix all of these.<o:p></o:p></p>

<![if !supportAnnotations]></div>

<![endif]></div>

<div style='mso-element:comment'><![if !supportAnnotations]>

<div id="_com_6" class=msocomtxt language=JavaScript
onmouseover="msoCommentShow('_anchor_6','_com_6')"
onmouseout="msoCommentHide('_com_6')"><![endif]><span style='mso-comment-author:
"Mike Jones"'><![if !supportAnnotations]><a name="_msocom_6"></a><![endif]></span>

<p class=MsoCommentText><span class=MsoCommentReference><span style='font-size:
8.0pt'><span style='mso-special-character:comment'>&nbsp;<![if !supportAnnotations]><a
href="#_msoanchor_6" class=msocomoff>[mbj6]</a><![endif]></span></span></span>Put
quotation marks around uses of protocol literals<o:p></o:p></p>

<![if !supportAnnotations]></div>

<![endif]></div>

<div style='mso-element:comment'><![if !supportAnnotations]>

<div id="_com_7" class=msocomtxt language=JavaScript
onmouseover="msoCommentShow('_anchor_7','_com_7')"
onmouseout="msoCommentHide('_com_7')"><![endif]><span style='mso-comment-author:
"Mike Jones"'><![if !supportAnnotations]><a name="_msocom_7"></a><![endif]></span>

<p class=MsoCommentText><span class=MsoCommentReference><span style='font-size:
8.0pt'><span style='mso-special-character:comment'>&nbsp;<![if !supportAnnotations]><a
href="#_msoanchor_7" class=msocomoff>[mbj7]</a><![endif]></span></span></span>Title
case needed<o:p></o:p></p>

<![if !supportAnnotations]></div>

<![endif]></div>

<div style='mso-element:comment'><![if !supportAnnotations]>

<div id="_com_8" class=msocomtxt language=JavaScript
onmouseover="msoCommentShow('_anchor_8','_com_8')"
onmouseout="msoCommentHide('_com_8')"><![endif]><span style='mso-comment-author:
"Mike Jones"'><![if !supportAnnotations]><a name="_msocom_8"></a><![endif]></span>

<p class=MsoCommentText><span class=MsoCommentReference><span style='font-size:
8.0pt'><span style='mso-special-character:comment'>&nbsp;<![if !supportAnnotations]><a
href="#_msoanchor_8" class=msocomoff>[mbj8]</a><![endif]></span></span></span>This
construction is less awkward grammatically<o:p></o:p></p>

<![if !supportAnnotations]></div>

<![endif]></div>

<div style='mso-element:comment'><![if !supportAnnotations]>

<div id="_com_9" class=msocomtxt language=JavaScript
onmouseover="msoCommentShow('_anchor_9','_com_9')"
onmouseout="msoCommentHide('_com_9')"><![endif]><span style='mso-comment-author:
"Mike Jones"'><![if !supportAnnotations]><a name="_msocom_9"></a><![endif]></span>

<p class=MsoCommentText><span class=MsoCommentReference><span style='font-size:
8.0pt'><span style='mso-special-character:comment'>&nbsp;<![if !supportAnnotations]><a
href="#_msoanchor_9" class=msocomoff>[mbj9]</a><![endif]></span></span></span>Title
case<o:p></o:p></p>

<![if !supportAnnotations]></div>

<![endif]></div>

<div style='mso-element:comment'><![if !supportAnnotations]>

<div id="_com_10" class=msocomtxt language=JavaScript
onmouseover="msoCommentShow('_anchor_10','_com_10')"
onmouseout="msoCommentHide('_com_10')"><![endif]><span style='mso-comment-author:
"Mike Jones"'><![if !supportAnnotations]><a name="_msocom_10"></a><![endif]></span>

<p class=MsoCommentText><span class=MsoCommentReference><span style='font-size:
8.0pt'><span style='mso-special-character:comment'>&nbsp;<![if !supportAnnotations]><a
href="#_msoanchor_10" class=msocomoff>[mbj10]</a><![endif]></span></span></span>Title
case<o:p></o:p></p>

<![if !supportAnnotations]></div>

<![endif]></div>

<div style='mso-element:comment'><![if !supportAnnotations]>

<div id="_com_11" class=msocomtxt language=JavaScript
onmouseover="msoCommentShow('_anchor_11','_com_11')"
onmouseout="msoCommentHide('_com_11')"><![endif]><span style='mso-comment-author:
"Mike Jones"'><![if !supportAnnotations]><a name="_msocom_11"></a><![endif]></span>

<p class=MsoCommentText><span class=MsoCommentReference><span style='font-size:
8.0pt'><span style='mso-special-character:comment'>&nbsp;<![if !supportAnnotations]><a
href="#_msoanchor_11" class=msocomoff>[mbj11]</a><![endif]></span></span></span>Title
case<o:p></o:p></p>

<![if !supportAnnotations]></div>

<![endif]></div>

<div style='mso-element:comment'><![if !supportAnnotations]>

<div id="_com_12" class=msocomtxt language=JavaScript
onmouseover="msoCommentShow('_anchor_12','_com_12')"
onmouseout="msoCommentHide('_com_12')"><![endif]><span style='mso-comment-author:
"Mike Jones"'><![if !supportAnnotations]><a name="_msocom_12"></a><![endif]></span>

<p class=MsoCommentText><span class=MsoCommentReference><span style='font-size:
8.0pt'><span style='mso-special-character:comment'>&nbsp;<![if !supportAnnotations]><a
href="#_msoanchor_12" class=msocomoff>[mbj12]</a><![endif]></span></span></span>EOL
normally stands for end-of-line. Don t use abbreviations when they re not
universally understood.<o:p></o:p></p>

<![if !supportAnnotations]></div>

<![endif]></div>

<div style='mso-element:comment'><![if !supportAnnotations]>

<div id="_com_13" class=msocomtxt language=JavaScript
onmouseover="msoCommentShow('_anchor_13','_com_13')"
onmouseout="msoCommentHide('_com_13')"><![endif]><span style='mso-comment-author:
"Mike Jones"'><![if !supportAnnotations]><a name="_msocom_13"></a><![endif]></span>

<p class=MsoCommentText><span class=MsoCommentReference><span style='font-size:
8.0pt'><span style='mso-special-character:comment'>&nbsp;<![if !supportAnnotations]><a
href="#_msoanchor_13" class=msocomoff>[mbj13]</a><![endif]></span></span></span>Title
case<o:p></o:p></p>

<![if !supportAnnotations]></div>

<![endif]></div>

<div style='mso-element:comment'><![if !supportAnnotations]>

<div id="_com_14" class=msocomtxt language=JavaScript
onmouseover="msoCommentShow('_anchor_14','_com_14')"
onmouseout="msoCommentHide('_com_14')"><![endif]><span style='mso-comment-author:
"Mike Jones"'><![if !supportAnnotations]><a name="_msocom_14"></a><![endif]></span>

<p class=MsoCommentText><span class=MsoCommentReference><span style='font-size:
8.0pt'><span style='mso-special-character:comment'>&nbsp;<![if !supportAnnotations]><a
href="#_msoanchor_14" class=msocomoff>[mbj14]</a><![endif]></span></span></span>Remove
this duplicate section.<o:p></o:p></p>

<![if !supportAnnotations]></div>

<![endif]></div>

<div style='mso-element:comment'><![if !supportAnnotations]>

<div id="_com_15" class=msocomtxt language=JavaScript
onmouseover="msoCommentShow('_anchor_15','_com_15')"
onmouseout="msoCommentHide('_com_15')"><![endif]><span style='mso-comment-author:
"Mike Jones"'><![if !supportAnnotations]><a name="_msocom_15"></a><![endif]></span>

<p class=MsoCommentText><span class=MsoCommentReference><span style='font-size:
8.0pt'><span style='mso-special-character:comment'>&nbsp;<![if !supportAnnotations]><a
href="#_msoanchor_15" class=msocomoff>[mbj15]</a><![endif]></span></span></span>This
construction is more grammatical<o:p></o:p></p>

<![if !supportAnnotations]></div>

<![endif]></div>

<div style='mso-element:comment'><![if !supportAnnotations]>

<div id="_com_16" class=msocomtxt language=JavaScript
onmouseover="msoCommentShow('_anchor_16','_com_16')"
onmouseout="msoCommentHide('_com_16')"><![endif]><span style='mso-comment-author:
"Mike Jones"'><![if !supportAnnotations]><a name="_msocom_16"></a><![endif]></span>

<p class=MsoCommentText><span class=MsoCommentReference><span style='font-size:
8.0pt'><span style='mso-special-character:comment'>&nbsp;<![if !supportAnnotations]><a
href="#_msoanchor_16" class=msocomoff>[mbj16]</a><![endif]></span></span></span>Title
case<o:p></o:p></p>

<![if !supportAnnotations]></div>

<![endif]></div>

<div style='mso-element:comment'><![if !supportAnnotations]>

<div id="_com_17" class=msocomtxt language=JavaScript
onmouseover="msoCommentShow('_anchor_17','_com_17')"
onmouseout="msoCommentHide('_com_17')"><![endif]><span style='mso-comment-author:
"Mike Jones"'><![if !supportAnnotations]><a name="_msocom_17"></a><![endif]></span>

<p class=MsoCommentText><span class=MsoCommentReference><span style='font-size:
8.0pt'><span style='mso-special-character:comment'>&nbsp;<![if !supportAnnotations]><a
href="#_msoanchor_17" class=msocomoff>[mbj17]</a><![endif]></span></span></span>This
section duplicates the content of the Notices section, and is not in any other
OpenID standards.<span style='mso-spacerun:yes'>  </span>Please remove it.<o:p></o:p></p>

<![if !supportAnnotations]></div>

<![endif]></div>

<div style='mso-element:comment'><![if !supportAnnotations]>

<div id="_com_18" class=msocomtxt language=JavaScript
onmouseover="msoCommentShow('_anchor_18','_com_18')"
onmouseout="msoCommentHide('_com_18')"><![endif]><span style='mso-comment-author:
"Mike Jones"'><![if !supportAnnotations]><a name="_msocom_18"></a><![endif]></span>

<p class=MsoCommentText><span class=MsoCommentReference><span style='font-size:
8.0pt'><span style='mso-special-character:comment'>&nbsp;<![if !supportAnnotations]><a
href="#_msoanchor_18" class=msocomoff>[mbj18]</a><![endif]></span></span></span>OpenID
Connect is not a version of OpenID 2.0</p>

<![if !supportAnnotations]></div>

<![endif]></div>

<div style='mso-element:comment'><![if !supportAnnotations]>

<div id="_com_19" class=msocomtxt language=JavaScript
onmouseover="msoCommentShow('_anchor_19','_com_19')"
onmouseout="msoCommentHide('_com_19')"><![endif]><span style='mso-comment-author:
"Mike Jones"'><![if !supportAnnotations]><a name="_msocom_19"></a><![endif]></span>

<p class=MsoCommentText><span class=MsoCommentReference><span style='font-size:
8.0pt'><span style='mso-special-character:comment'>&nbsp;<![if !supportAnnotations]><a
href="#_msoanchor_19" class=msocomoff>[mbj19]</a><![endif]></span></span></span>This
construction is awkward.<o:p></o:p></p>

<![if !supportAnnotations]></div>

<![endif]></div>

<div style='mso-element:comment'><![if !supportAnnotations]>

<div id="_com_20" class=msocomtxt language=JavaScript
onmouseover="msoCommentShow('_anchor_20','_com_20')"
onmouseout="msoCommentHide('_com_20')"><![endif]><span style='mso-comment-author:
"Mike Jones"'><![if !supportAnnotations]><a name="_msocom_20"></a><![endif]></span>

<p class=MsoCommentText><span class=MsoCommentReference><span style='font-size:
8.0pt'><span style='mso-special-character:comment'>&nbsp;<![if !supportAnnotations]><a
href="#_msoanchor_20" class=msocomoff>[mbj20]</a><![endif]></span></span></span>You re
missing a space here.<span style='mso-spacerun:yes'>  </span>I pointed this out
in my draft -02 comments but it wasn t added to -03.<o:p></o:p></p>

<![if !supportAnnotations]></div>

<![endif]></div>

<div style='mso-element:comment'><![if !supportAnnotations]>

<div id="_com_21" class=msocomtxt language=JavaScript
onmouseover="msoCommentShow('_anchor_21','_com_21')"
onmouseout="msoCommentHide('_com_21')"><![endif]><span style='mso-comment-author:
"Mike Jones"'><![if !supportAnnotations]><a name="_msocom_21"></a><![endif]></span>

<p class=MsoCommentText><span class=MsoCommentReference><span style='font-size:
8.0pt'><span style='mso-special-character:comment'>&nbsp;<![if !supportAnnotations]><a
href="#_msoanchor_21" class=msocomoff>[mbj21]</a><![endif]></span></span></span>This
is more grammatical<o:p></o:p></p>

<![if !supportAnnotations]></div>

<![endif]></div>

<div style='mso-element:comment'><![if !supportAnnotations]>

<div id="_com_22" class=msocomtxt language=JavaScript
onmouseover="msoCommentShow('_anchor_22','_com_22')"
onmouseout="msoCommentHide('_com_22')"><![endif]><span style='mso-comment-author:
"Mike Jones"'><![if !supportAnnotations]><a name="_msocom_22"></a><![endif]></span>

<p class=MsoCommentText><span class=MsoCommentReference><span style='font-size:
8.0pt'><span style='mso-special-character:comment'>&nbsp;<![if !supportAnnotations]><a
href="#_msoanchor_22" class=msocomoff>[mbj22]</a><![endif]></span></span></span>I
would change this term to OpenID Connect OP so that we re never using  Connect 
without  OpenID .<span style='mso-spacerun:yes'>  </span>Again, we should use
our own trademarks correctly.<o:p></o:p></p>

<![if !supportAnnotations]></div>

<![endif]></div>

<div style='mso-element:comment'><![if !supportAnnotations]>

<div id="_com_23" class=msocomtxt language=JavaScript
onmouseover="msoCommentShow('_anchor_23','_com_23')"
onmouseout="msoCommentHide('_com_23')"><![endif]><span style='mso-comment-author:
"Mike Jones"'><![if !supportAnnotations]><a name="_msocom_23"></a><![endif]></span>

<p class=MsoCommentText><span class=MsoCommentReference><span style='font-size:
8.0pt'><span style='mso-special-character:comment'>&nbsp;<![if !supportAnnotations]><a
href="#_msoanchor_23" class=msocomoff>[mbj23]</a><![endif]></span></span></span>More
precise<o:p></o:p></p>

<![if !supportAnnotations]></div>

<![endif]></div>

<div style='mso-element:comment'><![if !supportAnnotations]>

<div id="_com_24" class=msocomtxt language=JavaScript
onmouseover="msoCommentShow('_anchor_24','_com_24')"
onmouseout="msoCommentHide('_com_24')"><![endif]><span style='mso-comment-author:
"Mike Jones"'><![if !supportAnnotations]><a name="_msocom_24"></a><![endif]></span>

<p class=MsoCommentText><span class=MsoCommentReference><span style='font-size:
8.0pt'><span style='mso-special-character:comment'>&nbsp;<![if !supportAnnotations]><a
href="#_msoanchor_24" class=msocomoff>[mbj24]</a><![endif]></span></span></span>Delete
this extra space<o:p></o:p></p>

<![if !supportAnnotations]></div>

<![endif]></div>

<div style='mso-element:comment'><![if !supportAnnotations]>

<div id="_com_25" class=msocomtxt language=JavaScript
onmouseover="msoCommentShow('_anchor_25','_com_25')"
onmouseout="msoCommentHide('_com_25')"><![endif]><span style='mso-comment-author:
"Mike Jones"'><![if !supportAnnotations]><a name="_msocom_25"></a><![endif]></span>

<p class=MsoCommentText><span class=MsoCommentReference><span style='font-size:
8.0pt'><span style='mso-special-character:comment'>&nbsp;<![if !supportAnnotations]><a
href="#_msoanchor_25" class=msocomoff>[mbj25]</a><![endif]></span></span></span>This
should be a period since a list doesn t immediately follow.<o:p></o:p></p>

<![if !supportAnnotations]></div>

<![endif]></div>

<div style='mso-element:comment'><![if !supportAnnotations]>

<div id="_com_26" class=msocomtxt language=JavaScript
onmouseover="msoCommentShow('_anchor_26','_com_26')"
onmouseout="msoCommentHide('_com_26')"><![endif]><span style='mso-comment-author:
"Mike Jones"'><![if !supportAnnotations]><a name="_msocom_26"></a><![endif]></span>

<p class=MsoCommentText><span class=MsoCommentReference><span style='font-size:
8.0pt'><span style='mso-special-character:comment'>&nbsp;<![if !supportAnnotations]><a
href="#_msoanchor_26" class=msocomoff>[mbj26]</a><![endif]></span></span></span>Use
spanx verb around all protocol literals<o:p></o:p></p>

<![if !supportAnnotations]></div>

<![endif]></div>

<div style='mso-element:comment'><![if !supportAnnotations]>

<div id="_com_27" class=msocomtxt language=JavaScript
onmouseover="msoCommentShow('_anchor_27','_com_27')"
onmouseout="msoCommentHide('_com_27')"><![endif]><span style='mso-comment-author:
"Mike Jones"'><![if !supportAnnotations]><a name="_msocom_27"></a><![endif]></span>

<p class=MsoCommentText><span class=MsoCommentReference><span style='font-size:
8.0pt'><span style='mso-special-character:comment'>&nbsp;<![if !supportAnnotations]><a
href="#_msoanchor_27" class=msocomoff>[mbj27]</a><![endif]></span></span></span>Less
awkward<o:p></o:p></p>

<![if !supportAnnotations]></div>

<![endif]></div>

<div style='mso-element:comment'><![if !supportAnnotations]>

<div id="_com_28" class=msocomtxt language=JavaScript
onmouseover="msoCommentShow('_anchor_28','_com_28')"
onmouseout="msoCommentHide('_com_28')"><![endif]><span style='mso-comment-author:
"Mike Jones"'><![if !supportAnnotations]><a name="_msocom_28"></a><![endif]></span>

<p class=MsoCommentText><span class=MsoCommentReference><span style='font-size:
8.0pt'><span style='mso-special-character:comment'>&nbsp;<![if !supportAnnotations]><a
href="#_msoanchor_28" class=msocomoff>[mbj28]</a><![endif]></span></span></span>Plural
usage<o:p></o:p></p>

<![if !supportAnnotations]></div>

<![endif]></div>

<div style='mso-element:comment'><![if !supportAnnotations]>

<div id="_com_29" class=msocomtxt language=JavaScript
onmouseover="msoCommentShow('_anchor_29','_com_29')"
onmouseout="msoCommentHide('_com_29')"><![endif]><span style='mso-comment-author:
"Mike Jones"'><![if !supportAnnotations]><a name="_msocom_29"></a><![endif]></span>

<p class=MsoCommentText><span class=MsoCommentReference><span style='font-size:
8.0pt'><span style='mso-special-character:comment'>&nbsp;<![if !supportAnnotations]><a
href="#_msoanchor_29" class=msocomoff>[mbj29]</a><![endif]></span></span></span>This
is awkward</p>

<![if !supportAnnotations]></div>

<![endif]></div>

<div style='mso-element:comment'><![if !supportAnnotations]>

<div id="_com_30" class=msocomtxt language=JavaScript
onmouseover="msoCommentShow('_anchor_30','_com_30')"
onmouseout="msoCommentHide('_com_30')"><![endif]><span style='mso-comment-author:
"Mike Jones"'><![if !supportAnnotations]><a name="_msocom_30"></a><![endif]></span>

<p class=MsoCommentText><span class=MsoCommentReference><span style='font-size:
8.0pt'><span style='mso-special-character:comment'>&nbsp;<![if !supportAnnotations]><a
href="#_msoanchor_30" class=msocomoff>[mbj30]</a><![endif]></span></span></span>Delete
this duplicate, empty section!</p>

<![if !supportAnnotations]></div>

<![endif]></div>

<div style='mso-element:comment'><![if !supportAnnotations]>

<div id="_com_31" class=msocomtxt language=JavaScript
onmouseover="msoCommentShow('_anchor_31','_com_31')"
onmouseout="msoCommentHide('_com_31')"><![endif]><span style='mso-comment-author:
"Mike Jones"'><![if !supportAnnotations]><a name="_msocom_31"></a><![endif]></span>

<p class=MsoCommentText><span class=MsoCommentReference><span style='font-size:
8.0pt'><span style='mso-special-character:comment'>&nbsp;<![if !supportAnnotations]><a
href="#_msoanchor_31" class=msocomoff>[mbj31]</a><![endif]></span></span></span>Plural
usage<o:p></o:p></p>

<![if !supportAnnotations]></div>

<![endif]></div>

<div style='mso-element:comment'><![if !supportAnnotations]>

<div id="_com_32" class=msocomtxt language=JavaScript
onmouseover="msoCommentShow('_anchor_32','_com_32')"
onmouseout="msoCommentHide('_com_32')"><![endif]><span style='mso-comment-author:
"Mike Jones"'><![if !supportAnnotations]><a name="_msocom_32"></a><![endif]></span>

<p class=MsoCommentText><span class=MsoCommentReference><span style='font-size:
8.0pt'><span style='mso-special-character:comment'>&nbsp;<![if !supportAnnotations]><a
href="#_msoanchor_32" class=msocomoff>[mbj32]</a><![endif]></span></span></span>Add
the missing space here<o:p></o:p></p>

<![if !supportAnnotations]></div>

<![endif]></div>

<div style='mso-element:comment'><![if !supportAnnotations]>

<div id="_com_33" class=msocomtxt language=JavaScript
onmouseover="msoCommentShow('_anchor_33','_com_33')"
onmouseout="msoCommentHide('_com_33')"><![endif]><span style='mso-comment-author:
"Mike Jones"'><![if !supportAnnotations]><a name="_msocom_33"></a><![endif]></span>

<p class=MsoCommentText><span class=MsoCommentReference><span style='font-size:
8.0pt'><span style='mso-special-character:comment'>&nbsp;<![if !supportAnnotations]><a
href="#_msoanchor_33" class=msocomoff>[mbj33]</a><![endif]></span></span></span>This
was misspelled<o:p></o:p></p>

<![if !supportAnnotations]></div>

<![endif]></div>

<div style='mso-element:comment'><![if !supportAnnotations]>

<div id="_com_34" class=msocomtxt language=JavaScript
onmouseover="msoCommentShow('_anchor_34','_com_34')"
onmouseout="msoCommentHide('_com_34')"><![endif]><span style='mso-comment-author:
"Mike Jones"'><![if !supportAnnotations]><a name="_msocom_34"></a><![endif]></span>

<p class=MsoCommentText><span class=MsoCommentReference><span style='font-size:
8.0pt'><span style='mso-special-character:comment'>&nbsp;<![if !supportAnnotations]><a
href="#_msoanchor_34" class=msocomoff>[mbj34]</a><![endif]></span></span></span>MITRE
is spelled in uppercase</p>

<![if !supportAnnotations]></div>

<![endif]></div>

<div style='mso-element:comment'><![if !supportAnnotations]>

<div id="_com_35" class=msocomtxt language=JavaScript
onmouseover="msoCommentShow('_anchor_35','_com_35')"
onmouseout="msoCommentHide('_com_35')"><![endif]><span style='mso-comment-author:
"Mike Jones"'><![if !supportAnnotations]><a name="_msocom_35"></a><![endif]></span>

<p class=MsoCommentText><span class=MsoCommentReference><span style='font-size:
8.0pt'><span style='mso-special-character:comment'>&nbsp;<![if !supportAnnotations]><a
href="#_msoanchor_35" class=msocomoff>[mbj35]</a><![endif]></span></span></span>This
was misspelled<o:p></o:p></p>

<![if !supportAnnotations]></div>

<![endif]></div>

<div style='mso-element:comment'><![if !supportAnnotations]>

<div id="_com_36" class=msocomtxt language=JavaScript
onmouseover="msoCommentShow('_anchor_36','_com_36')"
onmouseout="msoCommentHide('_com_36')"><![endif]><span style='mso-comment-author:
"Mike Jones"'><![if !supportAnnotations]><a name="_msocom_36"></a><![endif]></span>

<p class=MsoCommentText><span class=MsoCommentReference><span style='font-size:
8.0pt'><span style='mso-special-character:comment'>&nbsp;<![if !supportAnnotations]><a
href="#_msoanchor_36" class=msocomoff>[mbj36]</a><![endif]></span></span></span>Delete
these.<span style='mso-spacerun:yes'>  </span>This duplicates the contents of
the Notices section and isn t how we do this in any of the other OpenID Connect
specs.<o:p></o:p></p>

<![if !supportAnnotations]></div>

<![endif]></div>

</div>

</body>

</html>