<!DOCTYPE html>
<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <p>This spec is intended for clients that need to publish their
      metadata, for example at a well-known endpoint, without having a
      particular AS / OP in mind.</p>
    <p>This is the natural situation in OpenID Federation. Federated RPs
      are able to get auto-registered by many OPs, potentially OPs that
      belong to more than one federation and are thus required to
      fulfill disjoint policies / profiles. <br>
    </p>
    <p>For example:</p>
    <ul>
      <li>Federation A allows ID tokens signed with RS256 and the
        majority of its OPs support only that alg<br>
        <br>
      </li>
      <li>Federation B is FAPI 2.0 compliant and requires ID tokens
        signed with other algs</li>
    </ul>
    <p>In OpenID Federation this spec also makes it possible to define
      and apply RP metadata policies that are guaranteed to work across
      multiple federations. <br>
    </p>
    <pre class="moz-signature" cols="72">Vladimir</pre>
    <div class="moz-cite-prefix">On 09/10/2024 20:40, Filip Skokan via
      Openid-specs-ab wrote:<br>
    </div>
    <blockquote type="cite"
      cite="mid:E27BD3C7-3C2B-4232-88F3-8028ECAB252E@gmail.com">
      Hello Mike,
      <div><br>
      </div>
      <div>I struggle to see these as metadata that the AS is meant to
        respond with to a DCR request. </div>
      <div><br>
      </div>
      <div>I understand the intention of allowing the client to say
        "here's what I support, you choose for me". What I don't get is
        why the client can't figure out what to use exactly based on the
        AS metadata in the first place. I must be surely missing
        something so apologies there. </div>
      <div><br>
      </div>
      <div>Nevertheless I don't think the AS should ever have the need
        to respond with these metadata in a DCR endpoint response. So,
        they might be useful as input but don't make much sense in
        responses to me.</div>
      <div><br id="lineBreakAtBeginningOfSignature">
        <div dir="ltr">- Filip</div>
        <div dir="ltr"><br>
          <blockquote type="cite">9. 10. 2024 at 4:35, Michael Jones via
            Openid-specs-ab <a class="moz-txt-link-rfc2396E" href="mailto:openid-specs-ab@lists.openid.net">&lt;openid-specs-ab@lists.openid.net&gt;</a>:<br>
            <br>
          </blockquote>
        </div>
        <blockquote type="cite">
          <div dir="ltr">
            <div class="WordSection1">
              <p class="MsoNormal">The authors of the attached
                specification hereby contribute it to the OpenID Connect
                working group.  It was created to address issues
                <a
href="https://bitbucket.org/openid/connect/issues/2158/metadata-parameter-value-arrays-for-rp"
                  moz-do-not-send="true" class="moz-txt-link-freetext">
https://bitbucket.org/openid/connect/issues/2158/metadata-parameter-value-arrays-for-rp</a>
                and
                <a href="https://github.com/openid/federation/issues/12"
                  moz-do-not-send="true" class="moz-txt-link-freetext">https://github.com/openid/federation/issues/12</a>.<o:p></o:p></p>
              <p class="MsoNormal"><o:p> </o:p></p>
              <p class="MsoNormal">-- Mike<o:p></o:p></p>
              <p class="MsoNormal"><o:p> </o:p></p>
              <div>
                <div
style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
                  <p class="MsoNormal"><b><span
style="font-family:'Calibri',sans-serif;mso-ligatures:none">From:</span></b><span
style="font-family:'Calibri',sans-serif;mso-ligatures:none">
                      Michael Jones
                      <br>
                      <b>Sent:</b> Thursday, October 3, 2024 10:09 PM<br>
                      <b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:openid-specs-ab@lists.openid.net">openid-specs-ab@lists.openid.net</a><br>
                      <b>Subject:</b> FW: OpenID Connect Relying Party
                      Metadata Choices 1.0 spec<o:p></o:p></span></p>
                </div>
              </div>
              <p class="MsoNormal"><o:p> </o:p></p>
              <p class="MsoNormal">On Monday’s working group call, we
                discussed that I should go through the list of
                <a
href="https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#client-metadata"
                  moz-do-not-send="true">
                  registered OAuth Client Metadata values</a> and see if
                there were any more that should be added to the list in
                this specification.  My conclusion was that there were
                not.  I’ll therefore plan to contribute it to the
                working group as-is so we can start addressing the
                issues filed unless I hear feedback soon requesting
                changes first.<o:p></o:p></p>
              <p class="MsoNormal"><o:p> </o:p></p>
              <p class="MsoNormal">Thanks all,<o:p></o:p></p>
              <p class="MsoNormal">-- Mike<o:p></o:p></p>
              <p class="MsoNormal"><o:p> </o:p></p>
              <div>
                <div
style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
                  <p class="MsoNormal"><b><span
style="font-family:'Calibri',sans-serif;mso-ligatures:none">From:</span></b><span
style="font-family:'Calibri',sans-serif;mso-ligatures:none">
                      Michael Jones
                      <br>
                      <b>Sent:</b> Sunday, September 29, 2024 7:53 PM<br>
                      <b>To:</b> <a
                        href="mailto:openid-specs-ab@lists.openid.net"
                        moz-do-not-send="true"
                        class="moz-txt-link-freetext">openid-specs-ab@lists.openid.net</a><br>
                      <b>Subject:</b> OpenID Connect Relying Party
                      Metadata Choices 1.0 spec<o:p></o:p></span></p>
                </div>
              </div>
              <p class="MsoNormal"><o:p> </o:p></p>
              <p class="MsoNormal">The attached spec (with source and
                HTML output) defines client metadata parameters
                corresponding to all the single-valued OpenID Connect
                Dynamic Client Registration metadata parameters, letting
                RPs declare the sets of values for these parameters that
                they support.  This is intended to address both <a
href="https://bitbucket.org/openid/connect/issues/2158/metadata-parameter-value-arrays-for-rp"
                  moz-do-not-send="true" class="moz-txt-link-freetext">
https://bitbucket.org/openid/connect/issues/2158/metadata-parameter-value-arrays-for-rp</a>
                and
                <a href="https://github.com/openid/federation/issues/12"
                  moz-do-not-send="true" class="moz-txt-link-freetext">https://github.com/openid/federation/issues/12</a>.<o:p></o:p></p>
              <p class="MsoNormal"><o:p> </o:p></p>
              <p class="MsoNormal">Reviews welcomed!<o:p></o:p></p>
              <p class="MsoNormal"><o:p> </o:p></p>
              <p class="MsoNormal">-- Mike<o:p></o:p></p>
              <p class="MsoNormal"><o:p> </o:p></p>
            </div>
            <div>&lt;openid-connect-rp-metadata-choices-1_0.xml&gt;</div>
            <div>&lt;openid-connect-rp-metadata-choices-1_0.html&gt;</div>
            <span>_______________________________________________</span><br>
            <span>Openid-specs-ab mailing list</span><br>
            <span><a class="moz-txt-link-abbreviated" href="mailto:Openid-specs-ab@lists.openid.net">Openid-specs-ab@lists.openid.net</a></span><br>
            <span><a class="moz-txt-link-freetext" href="https://lists.openid.net/mailman/listinfo/openid-specs-ab">https://lists.openid.net/mailman/listinfo/openid-specs-ab</a></span><br>
          </div>
        </blockquote>
      </div>
      <br>
    </blockquote>
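    <p>An added illustration of the two-federation case described at the
      top of this message (not code from the thread or from the spec). It
      assumes the multi-valued parameter is named
      id_token_signing_alg_values_supported and that federation B's policy
      allows PS256 and ES256 but not RS256; the OP names and policy sets
      are constructed.</p>

```python
# Added illustration; OP names, policies and RP values are constructed.

# RP metadata published once, with no particular OP in mind.
# Assumption: the multi-valued parameter for ID token signing is named
# "id_token_signing_alg_values_supported".
RP_METADATA = {
    "client_name": "example-rp",
    "id_token_signed_response_alg": "RS256",   # single-valued DCR parameter
    "id_token_signing_alg_values_supported": ["RS256", "PS256", "ES256"],
}

# "supported" is in the OP's own preference order; "policy" is what the
# OP's federation allows (assumed values for federation B).
OPS = {
    "op.federation-a.example": {
        "supported": ["RS256"],
        "policy": {"RS256", "PS256", "ES256"},
    },
    "op.federation-b.example": {
        "supported": ["PS256", "ES256", "RS256"],
        "policy": {"PS256", "ES256"},
    },
}

def choose_single_valued(rp, op):
    """RP names exactly one alg: the OP can only accept it or reject."""
    alg = rp.get("id_token_signed_response_alg", "RS256")  # DCR default
    return alg if alg in op["supported"] and alg in op["policy"] else None

def choose_from_set(rp, op):
    """OP picks its most preferred alg that the RP declared and the
    federation policy allows; None means reject (fail closed)."""
    declared = rp.get("id_token_signing_alg_values_supported")
    if not isinstance(declared, list):
        return choose_single_valued(rp, op)
    for alg in op["supported"]:
        if alg != "none" and alg in declared and alg in op["policy"]:
            return alg
    return None

def plan(rp, ops):
    """Per-OP outcome as (single-valued result, set-based result)."""
    return {name: (choose_single_valued(rp, op), choose_from_set(rp, op))
            for name, op in ops.items()}

if __name__ == "__main__":
    for name, outcome in plan(RP_METADATA, OPS).items():
        print(name, outcome)
```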
  </body>
</html>