<!DOCTYPE html>
<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <p>Yes, we definitely don't want the OP to return multiple-choices.
      This spec should not be used in responses from OPs.<br>
    </p>
    <pre class="moz-signature" cols="72">Vladimir Dzhuvinov</pre>
    <div class="moz-cite-prefix"><br>
    </div>
    <div class="moz-cite-prefix">On 09/10/2024 23:23, Michael Jones
      wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:SJ0PR02MB7439A62CE6A0A68E6570A1A1B77F2@SJ0PR02MB7439.namprd02.prod.outlook.com">
      <div class="WordSection1">
        <p class="MsoNormal">Filip’s observation that OPs wouldn’t
          return multiple choices in Dynamic Client Registration
          responses is correct.  We can clarify that in a subsequent
          version of the spec.<o:p></o:p></p>
        <p class="MsoNormal"><o:p> </o:p></p>
        <p class="MsoNormal">                                                               
          -- Mike<o:p></o:p></p>
        <p class="MsoNormal"><o:p> </o:p></p>
        <div>
          <div
style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
            <p class="MsoNormal"><b><span
                  style="font-family:'Calibri',sans-serif">From:</span></b><span
                style="font-family:'Calibri',sans-serif">
                Openid-specs-ab
                <a class="moz-txt-link-rfc2396E" href="mailto:openid-specs-ab-bounces@lists.openid.net">&lt;openid-specs-ab-bounces@lists.openid.net&gt;</a>
                <b>On Behalf Of </b>Vladimir Dzhuvinov / Connect2id via
                Openid-specs-ab<br>
                <b>Sent:</b> Wednesday, October 9, 2024 12:45 PM<br>
                <b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:openid-specs-ab@lists.openid.net">openid-specs-ab@lists.openid.net</a><br>
                <b>Cc:</b> Vladimir Dzhuvinov / Connect2id
                <a class="moz-txt-link-rfc2396E" href="mailto:vladimir@connect2id.com">&lt;vladimir@connect2id.com&gt;</a><br>
                <b>Subject:</b> Re: [Openid-specs-ab] Contributing
                OpenID Connect Relying Party Metadata Choices 1.0 spec
                to the working group<o:p></o:p></span></p>
          </div>
        </div>
        <p class="MsoNormal"><o:p> </o:p></p>
        <p>This spec is intended for clients that need to publish their
          metadata, for example at a well-known endpoint, without having
          a particular AS / OP in mind.<span style="font-size:12.0pt"><o:p></o:p></span></p>
        <p>This is the natural situation in OpenID Federation. Federated
          RPs are able to get auto-registered by many OPs, potentially
          OPs that belong to more than one federation and are thus
          required to fulfill disjoint policies / profiles.
          <o:p></o:p></p>
        <p>For example:<o:p></o:p></p>
        <ul type="disc">
          <li class="MsoNormal"
style="mso-margin-top-alt:auto;margin-bottom:12.0pt;mso-list:l0 level1 lfo1">
            Federation A allows ID tokens signed with RS256 and the
            majority of its OPs support only that alg<o:p></o:p></li>
          <li class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">
            Federation B is FAPI 2.0 compliant and requires ID tokens
            signed with other algs<o:p></o:p></li>
        </ul>
        <p><o:p> </o:p></p>
        <p>In OpenID Federation this spec also makes it possible to
          define and apply RP metadata policies that are guaranteed to
          work across multiple federations.
          <o:p></o:p></p>
        <p><o:p> </o:p></p>
        <pre>Vladimir<o:p></o:p></pre>
        <div>
          <p class="MsoNormal">On 09/10/2024 20:40, Filip Skokan via
            Openid-specs-ab wrote:<o:p></o:p></p>
        </div>
        <blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
          <p class="MsoNormal">Hello Mike, <o:p></o:p></p>
          <div>
            <p class="MsoNormal"><o:p> </o:p></p>
          </div>
          <div>
            <p class="MsoNormal">I struggle to see these as metadata
              that the AS is meant to respond with to a DCR request. <o:p></o:p></p>
          </div>
          <div>
            <p class="MsoNormal"><o:p> </o:p></p>
          </div>
          <div>
            <p class="MsoNormal">I understand the intention of allowing
              the client to say "here's what I support, you choose for
              me". What I don't get is why the client can't figure out
              what to use exactly based on the AS metadata in the first
              place. I must be surely missing something so apologies
              there. <o:p></o:p></p>
          </div>
          <div>
            <p class="MsoNormal"><o:p> </o:p></p>
          </div>
          <div>
            <p class="MsoNormal">Nevertheless I don't think the AS
              should ever have the need to respond with these metadata
              in a DCR endpoint response. So, they might be useful as
              input but don't make much sense in responses to me.<o:p></o:p></p>
          </div>
          <div>
            <p class="MsoNormal"><o:p> </o:p></p>
            <div>
              <p class="MsoNormal">- Filip<o:p></o:p></p>
            </div>
            <div>
              <p class="MsoNormal"><br>
                <br>
                <o:p></o:p></p>
              <blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
                <p class="MsoNormal" style="margin-bottom:12.0pt">On 9.<span
                    style="font-family:'Arial',sans-serif"> </span>10.<span
                    style="font-family:'Arial',sans-serif"> </span>2024
                  at 4:35, Michael Jones via Openid-specs-ab
                  <a href="mailto:openid-specs-ab@lists.openid.net"
                    moz-do-not-send="true">&lt;openid-specs-ab@lists.openid.net&gt;</a> wrote:<o:p></o:p></p>
              </blockquote>
            </div>
            <blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
              <div>
                <p class="MsoNormal">The authors of the attached
                  specification hereby contribute it to the OpenID
                  Connect working group.  It was created to address
                  issues
                  <a
href="https://bitbucket.org/openid/connect/issues/2158/metadata-parameter-value-arrays-for-rp"
                    moz-do-not-send="true" class="moz-txt-link-freetext">
https://bitbucket.org/openid/connect/issues/2158/metadata-parameter-value-arrays-for-rp</a>
                  and
                  <a
href="https://github.com/openid/federation/issues/12"
                    moz-do-not-send="true" class="moz-txt-link-freetext">https://github.com/openid/federation/issues/12</a>.<o:p></o:p></p>
                <p class="MsoNormal"> <o:p></o:p></p>
                <p class="MsoNormal">                                                               
                  -- Mike<o:p></o:p></p>
                <p class="MsoNormal"> <o:p></o:p></p>
                <div>
                  <div
style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
                    <p class="MsoNormal"><b><span
style="font-family:'Calibri',sans-serif">From:</span></b><span
style="font-family:'Calibri',sans-serif"> Michael Jones
                        <br>
                        <b>Sent:</b> Thursday, October 3, 2024 10:09 PM<br>
                        <b>To:</b> <a
                          href="mailto:openid-specs-ab@lists.openid.net"
                          moz-do-not-send="true"
                          class="moz-txt-link-freetext">openid-specs-ab@lists.openid.net</a><br>
                        <b>Subject:</b> FW: OpenID Connect Relying Party
                        Metadata Choices 1.0 spec</span><o:p></o:p></p>
                  </div>
                </div>
                <p class="MsoNormal"> <o:p></o:p></p>
                <p class="MsoNormal">On Monday’s working group call, we
                  discussed that I should go through the list of
                  <a
href="https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#client-metadata"
                    moz-do-not-send="true">
                    registered OAuth Client Metadata values</a> and see
                  if there were any more that should be added to the
                  list in this specification.  My conclusion was that
                  there were not.  I’ll therefore plan to contribute it
                  to the working group as-is so we can start addressing
                  the issues filed unless I hear feedback soon
                  requesting changes first.<o:p></o:p></p>
                <p class="MsoNormal"> <o:p></o:p></p>
                <p class="MsoNormal">                                                               
                  Thanks all,<o:p></o:p></p>
                <p class="MsoNormal">                                                               
                  -- Mike<o:p></o:p></p>
                <p class="MsoNormal"> <o:p></o:p></p>
                <div>
                  <div
style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
                    <p class="MsoNormal"><b><span
style="font-family:'Calibri',sans-serif">From:</span></b><span
style="font-family:'Calibri',sans-serif"> Michael Jones
                        <br>
                        <b>Sent:</b> Sunday, September 29, 2024 7:53 PM<br>
                        <b>To:</b> <a
                          href="mailto:openid-specs-ab@lists.openid.net"
                          moz-do-not-send="true"
                          class="moz-txt-link-freetext">openid-specs-ab@lists.openid.net</a><br>
                        <b>Subject:</b> OpenID Connect Relying Party
                        Metadata Choices 1.0 spec</span><o:p></o:p></p>
                  </div>
                </div>
                <p class="MsoNormal"> <o:p></o:p></p>
                <p class="MsoNormal">The attached spec (with source and
                  HTML output) defines client metadata parameters
                  corresponding to all the single-valued OpenID Connect
                  Dynamic Client Registration metadata parameters,
                  letting RPs declare the sets of values for these
                  parameters that they support.  This is intended to
                  address both <a
href="https://bitbucket.org/openid/connect/issues/2158/metadata-parameter-value-arrays-for-rp"
                    moz-do-not-send="true" class="moz-txt-link-freetext">
https://bitbucket.org/openid/connect/issues/2158/metadata-parameter-value-arrays-for-rp</a>
                  and
                  <a
href="https://github.com/openid/federation/issues/12"
                    moz-do-not-send="true" class="moz-txt-link-freetext">https://github.com/openid/federation/issues/12</a>.<o:p></o:p></p>
                <p class="MsoNormal"> <o:p></o:p></p>
                <p class="MsoNormal">Reviews welcomed!<o:p></o:p></p>
                <p class="MsoNormal"> <o:p></o:p></p>
                <p class="MsoNormal">                                                               
                  -- Mike<o:p></o:p></p>
                <p class="MsoNormal"> <o:p></o:p></p>
                <div>
                  <p class="MsoNormal"><span style="font-size:12.0pt">&lt;openid-connect-rp-metadata-choices-1_0.xml&gt;<o:p></o:p></span></p>
                </div>
                <div>
                  <p class="MsoNormal"><span style="font-size:12.0pt">&lt;openid-connect-rp-metadata-choices-1_0.html&gt;<o:p></o:p></span></p>
                </div>
                <p class="MsoNormal"><span style="font-size:12.0pt">_______________________________________________<br>
                    Openid-specs-ab mailing list<br>
                    <a href="mailto:Openid-specs-ab@lists.openid.net"
                      moz-do-not-send="true"
                      class="moz-txt-link-freetext">Openid-specs-ab@lists.openid.net</a><br>
                    <a
href="https://lists.openid.net/mailman/listinfo/openid-specs-ab"
                      moz-do-not-send="true"
                      class="moz-txt-link-freetext">https://lists.openid.net/mailman/listinfo/openid-specs-ab</a><o:p></o:p></span></p>
              </div>
            </blockquote>
          </div>
        </blockquote>
      </div>
    </blockquote>
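    <p>Added example, not part of the original thread or of the
      specification: one way an OP could reduce the sets of values an RP
      publishes to the single-valued parameters it registers, so that the
      registration response never carries the multi-valued choices. The
      parameter mapping, the RP-preference ordering, and the sample OPs and
      policies for federations A and B are assumptions constructed for
      illustration.</p>
<pre>
```python
"""OP-side selection from an RP's published metadata choices (added illustration)."""

# Assumption: the thread does not name the multi-valued RP parameters, so this
# mapping (choice parameter to single-valued DCR parameter) is illustrative.
CHOICE_TO_SINGLE = {
    "id_token_signing_alg_values_supported": "id_token_signed_response_alg",
}

# Constructed sample: metadata an RP publishes with no particular OP in mind,
# listed in the RP's order of preference (an assumption of this example).
RP_METADATA = {
    "redirect_uris": ["https://rp.example/cb"],
    "id_token_signing_alg_values_supported": ["ES256", "PS256", "RS256"],
}


class RegistrationError(ValueError):
    """No value satisfies the RP, the OP and the federation policy together."""


def register(rp_metadata, op_supported, policy_allowed):
    """Return registration-response metadata holding single values only."""
    # Copy everything except the choice parameters: the response never echoes them.
    response = {k: v for k, v in rp_metadata.items() if k not in CHOICE_TO_SINGLE}
    for choice, single in CHOICE_TO_SINGLE.items():
        offered = rp_metadata.get(choice)
        if offered is None:
            continue  # the RP expressed no choice for this parameter
        if not isinstance(offered, list) or not all(isinstance(v, str) for v in offered):
            raise RegistrationError(f"{choice} must be an array of strings")
        usable = [v for v in offered
                  if v in op_supported.get(choice, ()) and v in policy_allowed.get(choice, ())]
        if not usable:
            raise RegistrationError(f"no acceptable value for {single}")
        response[single] = usable[0]  # first match in the RP's preference order
    return response


# Constructed OPs and policies: federation A (RS256 only) and federation B.
ALG = "id_token_signing_alg_values_supported"
OP_A = {ALG: ["RS256"]}
POLICY_A = {ALG: ["RS256"]}
OP_B = {ALG: ["RS256", "PS256", "ES256"]}
POLICY_B = {ALG: ["PS256", "ES256"]}

if __name__ == "__main__":
    print(register(RP_METADATA, OP_A, POLICY_A))
    print(register(RP_METADATA, OP_B, POLICY_B))
```
</pre>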
  </body>
</html>