<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Aptos;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Aptos",sans-serif;
mso-ligatures:standardcontextual;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#467886;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Aptos",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:11.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1841509392;
mso-list-template-ids:-151364040;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#467886" vlink="#96607D" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">OpenID Federation draft 42 has been published at <a href="https://openid.net/specs/openid-federation-1_0-42.html">
https://openid.net/specs/openid-federation-1_0-42.html</a> and <a href="https://openid.net/specs/openid-federation-1_0.html">
https://openid.net/specs/openid-federation-1_0.html</a>. It contains the last normative changes expected before the Federation interop event planned for April 28-30 at the SUNET offices in Stockholm, Sweden.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">The primary focus of this release was incorporating feedback on the metadata policy language to make it as simple and consistent as possible. Vladimir Dzhuvinov created test cases corresponding to this set of updates, which are published
at <a href="https://connect2id.com/blog/metadata-policy-test-vectors-openid-federation">https://connect2id.com/blog/metadata-policy-test-vectors-openid-federation</a>. These will be one of the kinds of tests available at the interop event.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">As usual, <a href="https://openid.net/specs/openid-federation-1_0-42.html#name-document-history">
the history entries</a> describe the changes in detail. For this draft, they are:<o:p></o:p></p>
<p class="MsoNormal">-42<o:p></o:p></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l0 level1 lfo1">Addresses #11, #180: Allows the following unconditional operator combinations: add + superset_of. Makes the following previously conditional operator combinations unconditional: default + one_of, default
+ subset_of, default + superset_of. Makes the following previously unconditional operator combination conditional: value + essential. Allows the following conditional operator combinations: value + add, value + default, value + one_of, value + subset_of, value
+ superset_of.<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level1 lfo1">Addresses #182: When applying the subset_of operator on a metadata parameter, if the resulting intersection is empty, then the metadata is made empty. Previously it was removed, which may lead to policy
override for metadata parameters that a have default value, for instance grant_types RP metadata or grant_types_supported OP metadata. The merge of two subset_of operators is changed to allow empty intersection as well.<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level1 lfo1">Addresses #129: Clarifies that the combination rules for a metadata policy operator apply to both individual as well as merged metadata parameter policies.<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level1 lfo1">Fixed #184: Clarified that Request Objects can be passed by value or by reference.<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level1 lfo1">Fixed #178: Clarify that other client methods (than automatic and explicit) are allowed.<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level1 lfo1">Fixed #181: Contributed metadata policies must be logically sound and consistent with one another.<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level1 lfo1">Fixed #130: Allow multiple Trust Anchor values to be passed in resolve requests.<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level1 lfo1">Require trust_chain claim in resolve response.<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level1 lfo1">Fixed #161: Prohibit loops in Trust Chains.<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level1 lfo1">Fixed #47: Described using and not using a provided Trust Chain during Automatic Registration.<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level1 lfo1">Fixed #85: Clarified Trust Chain selection during Explicit Registration. Also corrected the authority_hints value in the Explicit Registration response to be the Immediate Superior of the RP in the Trust
Chain selected for it by the OP.<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level1 lfo1">Fixed #35: Clarified that using non-interoperable JSON, as per Sections 4 and 8 of RFC 8259, can result in unpredictable metadata and metadata policy behavior.<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level1 lfo1">Fixed #162: Trust Mark claim id renamed to trust_mark_id. Other more specific Trust Mark JWT typ header parameter values can be used if defined by trust frameworks in use and understood by the implementation.<o:p></o:p></li></ul>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"> -- Mike<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>