<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Aptos;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Aptos",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#467886;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
font-size:10.0pt;
font-family:"Courier New";}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}
span.EmailStyle23
{mso-style-type:personal-reply;
font-family:"Aptos",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1586107289;
mso-list-template-ids:799342414;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style>
</head>
<body lang="EN-US" link="#467886" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">Filip’s observation that OPs wouldn’t return multiple choices in Dynamic Client Registration responses is correct. We can clarify that in a subsequent version of the spec.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"> -- Mike<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-family:&quot;Calibri&quot;,sans-serif">From:</span></b><span style="font-family:&quot;Calibri&quot;,sans-serif"> Openid-specs-ab &lt;openid-specs-ab-bounces@lists.openid.net&gt;
<b>On Behalf Of </b>Vladimir Dzhuvinov / Connect2id via Openid-specs-ab<br>
<b>Sent:</b> Wednesday, October 9, 2024 12:45 PM<br>
<b>To:</b> openid-specs-ab@lists.openid.net<br>
<b>Cc:</b> Vladimir Dzhuvinov / Connect2id &lt;vladimir@connect2id.com&gt;<br>
<b>Subject:</b> Re: [Openid-specs-ab] Contributing OpenID Connect Relying Party Metadata Choices 1.0 spec to the working group<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p>This spec is intended for clients that need to publish their metadata, for example at a well-known endpoint, without having a particular AS / OP in mind.<span style="font-size:12.0pt"><o:p></o:p></span></p>
<p>This is the natural situation in OpenID Federation. Federated RPs are able to get auto-registered by many OPs, potentially OPs that belong to more than one federation and are thus required to fulfill disjoint policies / profiles.
<o:p></o:p></p>
<p>For example:<o:p></o:p></p>
<ul type="disc">
<li class="MsoNormal" style="mso-margin-top-alt:auto;margin-bottom:12.0pt;mso-list:l0 level1 lfo1">
Federation A allows ID tokens signed with RS256 and the majority of its OPs support only that alg<o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">
Federation B is FAPI 2.0 compliant and requires ID tokens signed with other algs<o:p></o:p></li></ul>
<p><o:p> </o:p></p>
<p>In OpenID Federation this spec also makes it possible to define and apply RP metadata policies that are guaranteed to work across multiple federations.
<o:p></o:p></p>
<p><o:p> </o:p></p>
<pre>Vladimir<o:p></o:p></pre>
<div>
<p class="MsoNormal">On 09/10/2024 20:40, Filip Skokan via Openid-specs-ab wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">Hello Mike, <o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">I struggle to see these as metadata that the AS is meant to respond with to a DCR request. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">I understand the intention of allowing the client to say "here's what I support, you choose for me". What I don't get is why the client can't figure out what to use exactly based on the AS metadata in the first place. I must be surely missing
something so apologies there. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Nevertheless I don't think the AS should ever have the need to respond with these metadata in a DCR endpoint response. So, they might be useful as input but don't make much sense in responses to me.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">- Filip<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><br>
<br>
<o:p></o:p></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal" style="margin-bottom:12.0pt">9.<span style="font-family:&quot;Arial&quot;,sans-serif"> </span>10.<span style="font-family:&quot;Arial&quot;,sans-serif"> </span>2024 at 4:35, Michael Jones via Openid-specs-ab
<a href="mailto:openid-specs-ab@lists.openid.net">&lt;openid-specs-ab@lists.openid.net&gt;</a>:<o:p></o:p></p>
</blockquote>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">The authors of the attached specification hereby contribute it to the OpenID Connect working group. It was created to address issues
<a href="https://bitbucket.org/openid/connect/issues/2158/metadata-parameter-value-arrays-for-rp">
https://bitbucket.org/openid/connect/issues/2158/metadata-parameter-value-arrays-for-rp</a> and
<a href="https://github.com/openid/federation/issues/12">https://github.com/openid/federation/issues/12</a>.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> -- Mike<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-family:&quot;Calibri&quot;,sans-serif">From:</span></b><span style="font-family:&quot;Calibri&quot;,sans-serif"> Michael Jones
<br>
<b>Sent:</b> Thursday, October 3, 2024 10:09 PM<br>
<b>To:</b> <a href="mailto:openid-specs-ab@lists.openid.net">openid-specs-ab@lists.openid.net</a><br>
<b>Subject:</b> FW: OpenID Connect Relying Party Metadata Choices 1.0 spec</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">On Monday’s working group call, we discussed that I should go through the list of
<a href="https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#client-metadata">
registered OAuth Client Metadata values</a> and see if there were any more that should be added to the list in this specification. My conclusion was that there were not. I’ll therefore plan to contribute it to the working group as-is so we can start addressing
the issues filed unless I hear feedback soon requesting changes first.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> Thanks all,<o:p></o:p></p>
<p class="MsoNormal"> -- Mike<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-family:&quot;Calibri&quot;,sans-serif">From:</span></b><span style="font-family:&quot;Calibri&quot;,sans-serif"> Michael Jones
<br>
<b>Sent:</b> Sunday, September 29, 2024 7:53 PM<br>
<b>To:</b> <a href="mailto:openid-specs-ab@lists.openid.net">openid-specs-ab@lists.openid.net</a><br>
<b>Subject:</b> OpenID Connect Relying Party Metadata Choices 1.0 spec</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">The attached spec (with source and HTML output) defines client metadata parameters corresponding to all the single-valued OpenID Connect Dynamic Client Registration metadata parameters, letting RPs declare the sets of values for these parameters
that they support. This is intended to address both <a href="https://bitbucket.org/openid/connect/issues/2158/metadata-parameter-value-arrays-for-rp">
https://bitbucket.org/openid/connect/issues/2158/metadata-parameter-value-arrays-for-rp</a> and
<a href="https://github.com/openid/federation/issues/12">https://github.com/openid/federation/issues/12</a>.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Reviews welcomed!<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> -- Mike<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt">&lt;openid-connect-rp-metadata-choices-1_0.xml&gt;<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt">&lt;openid-connect-rp-metadata-choices-1_0.html&gt;<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:12.0pt">_______________________________________________<br>
Openid-specs-ab mailing list<br>
<a href="mailto:Openid-specs-ab@lists.openid.net">Openid-specs-ab@lists.openid.net</a><br>
<a href="https://lists.openid.net/mailman/listinfo/openid-specs-ab">https://lists.openid.net/mailman/listinfo/openid-specs-ab</a><o:p></o:p></span></p>
</div>
</blockquote>
</div>
</blockquote>
</div>
</body>
</html>