<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-2">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Aptos;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Aptos",sans-serif;
mso-ligatures:standardcontextual;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#467886;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Aptos",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:11.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:350374588;
mso-list-template-ids:-1252871504;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#467886" vlink="#96607D" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">Draft 41 of the OpenID Federation specification has been published at
<a href="https://openid.net/specs/openid-federation-1_0-41.html">https://openid.net/specs/openid-federation-1_0-41.html</a> and
<a href="https://openid.net/specs/openid-federation-1_0.html">https://openid.net/specs/openid-federation-1_0.html</a>. Particular thanks go to recent contributors Michael Fraser, Pedram Hosseyni, Marko Ivanèiæ, £ukasz Jaromin, Niels van Dijk, Tim Würtele,
and Gabriel Zachmann for their substantive contributions to improving the specification!<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">As recorded in the <a href="https://openid.net/specs/openid-federation-1_0-41.html#name-document-history">
history entry</a>, the changes in -41 were:<o:p></o:p></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l0 level1 lfo1">Fixed #131: Changed anchor request parameter to trust_anchor, changed trust_anchor_id claim to trust_anchor, and changed type request parameter to entity_type.<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level1 lfo1">Explicitly typed base64url-encoded examples that were previously untyped. Also added missing client_id and iss values in some examples.<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level1 lfo1">Fixed #7, #86, #134, and #148: Provides implementation considerations on Federation topologies.<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level1 lfo1">Fixed #136: Defined additional error codes and rationalized naming. Renamed trust_chain_validation_failed to invalid_trust_chain and renamed missing_trust_anchor to invalid_trust_anchor.<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level1 lfo1">Fixed #133: Refined wording about client authentication when using Automatic Registration and added token_endpoint_auth_methods_supported in RP metadata example.<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level1 lfo1">Reference OpenID Connect Relying Party Metadata Choices 1.0.<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level1 lfo1">Fixed #143: Added Trust Mark Issuer and Trust Mark Owner to Terminology section.<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level1 lfo1">Fixed #139: Clarified description of using request objects.<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level1 lfo1">Fixed #140: Federation Entity Keys MUST NOT appear in metadata.<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level1 lfo1">Fixed #105 and #106: Informatively say that the require_signed_request_object and require_pushed_authorization_requests metadata parameters can be used.<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level1 lfo1">Fixed #107: Clarified how to validate Trust Marks.<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level1 lfo1">Fixed #114: Described why it may make sense to not support the use of request_uri other than in conjunction with a PAR request.<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level1 lfo1">Fixed #108: Removed remark about trust mark delegation revocation.<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level1 lfo1">Fixed #120: Required kid (Key ID) header parameter in Signed JWK Set JWTs.<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level1 lfo1">Define media type for Explicit Registration responses application/explicit-registration-response+jwt distinct from application/entity-statement+jwt.<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level1 lfo1">Restrict audience values to the single Entity Identifier of the intended recipient.<o:p></o:p></li></ul>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"> -- Mike<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>