<div dir="ltr">A "relying party" is a term of art in the OIDC spec, and is defined up front, so I think we're okay there:<div><br></div><div><a href="http://openid.net/specs/openid-connect-core-1_0.html#Terminology">http://openid.net/specs/openid-connect-core-1_0.html#Terminology</a><br></div><div>"Relying Party (RP)</div>
<div>OAuth 2.0 Client application requiring End-User Authentication and Claims from an OpenID Provider."</div><div><br></div><div>Regarding the should/SHOULD and must/MUST, good questions!</div><div><br></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr">
<p><b>Eve Maler<br></b>ForgeRock Office of the CTO | VP Innovation &amp; Emerging Technology<br>Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl<br>Join our <a href="http://forgerock.org/openuma/" target="_blank">ForgeRock.org OpenUMA</a> community!</p></div></div></div></div></div>
<br><div class="gmail_quote">On Sat, Nov 28, 2015 at 12:11 AM, Danny van Leeuwen <span dir="ltr">&lt;<a href="mailto:danny@health-hats.com" target="_blank">danny@health-hats.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><p style="margin:0in;line-height:21pt">1 question</p><p style="margin:0in;line-height:21pt">2 words that might need to be capitalized</p><p style="margin:0in;line-height:21pt"><br></p><p style="margin:0in;line-height:21pt">Otherwise the grammar is good.</p><p style="margin:0in;line-height:21pt"><span style="font-weight:bold;font-family:verdana;font-size:14pt"><a href="http://openid.bitbucket.org/HEART/openid-heart-oidc.html#rfc.abstract" target="_blank">Abstract</a></span></p>
<p style="margin:0in;font-family:verdana;font-size:10pt;color:black">The
OpenID Connect protocol defines an identity federation system that allows a <span style="background:yellow">relying</span> [what is a <span style="font-weight:bold">relying</span>
party?] party to request and receive authentication and profile information
about an end user</p>
<p style="margin:0in;font-family:Calibri;font-size:11pt"> </p>
<p style="margin:0in;font-family:Calibri;font-size:9pt;color:rgb(89,89,89)">From
&lt;<a href="http://openid.bitbucket.org/HEART/openid-heart-oidc.html" target="_blank">http://openid.bitbucket.org/HEART/openid-heart-oidc.html</a>&gt;
</p>
<p style="margin:0in;font-family:Calibri;font-size:11pt"> </p>
<p style="margin:0in;line-height:21pt"><a href="http://openid.bitbucket.org/HEART/openid-heart-oidc.html#rfc.section.5" target="_blank"><span style="font-weight:bold;font-family:verdana;font-size:14pt">5.</span></a><span style="font-weight:bold;font-family:verdana;font-size:14pt;color:black"> </span><a href="http://openid.bitbucket.org/HEART/openid-heart-oidc.html#AuthenticationContext" target="_blank"><span style="font-weight:bold;font-family:verdana;font-size:14pt">Authentication
Context</span></a></p>
<p style="margin:0in;font-family:verdana;font-size:10pt;color:black">OpenID
Providers MUST provide acr (authentication context class reference, equivalent
to the Security Assertion Markup Language (SAML) element of the same name) and
amr (authentication methods reference) values in ID tokens.</p>
<p style="margin:0in;font-family:verdana;font-size:10pt;color:black">The
standardized Uniform Resource Identifiers (URIs) established by the Federal
Identity, Credential, and Access Management (FICAM) Trust Framework <span style="background:yellow">should</span> [SHOULD?] be used
for the acr values, depending on the Level of Assurance (LOA) of the
authentication performed by the OpenID Provider:</p>
<p style="margin:0in;font-family:Calibri;font-size:11pt"> </p>
<p style="margin:0in;font-family:Calibri;font-size:9pt;color:rgb(89,89,89)">From
&lt;<a href="http://openid.bitbucket.org/HEART/openid-heart-oidc.html" target="_blank">http://openid.bitbucket.org/HEART/openid-heart-oidc.html</a>&gt;
</p>
<p style="margin:0in;font-family:Calibri;font-size:11pt"> </p>
<p style="margin:0in;font-family:Calibri"><span style="font-size:11pt">The </span><span style="font-size:10pt">amr</span><span style="font-size:11pt"> value
is an array of strings describing the set of mechanisms used to authenticate
the user to the OpenID Provider. Providers that require multi-factor
authentication will typically provide multiple values (for example, memorized
password plus hardware-token-generated one-time password). The specific values </span><span style="font-size:11pt;background:yellow">must</span><span style="font-size:11pt"> [MUST?] be agreed upon and understood between the
OpenID Provider and any Relying Parties.</span></p>
<p style="margin:0in;font-family:Calibri;font-size:11pt"> </p>
<p style="margin:0in;font-family:Calibri;font-size:9pt;color:rgb(89,89,89)">From
&lt;<a href="http://openid.bitbucket.org/HEART/openid-heart-oidc.html" target="_blank">http://openid.bitbucket.org/HEART/openid-heart-oidc.html</a>&gt; </p><span class="HOEnZb"><font color="#888888"><div><br></div>-- <br><div><font color="#330099">Danny van Leeuwen<br><a href="tel:617-304-4681" value="+16173044681" target="_blank">617-304-4681</a><br></font><div><b><font color="#330099"><br></font></b><div><b><font color="#330099">Blog <a href="http://www.health-hats.com/" target="_blank">www.health-hats.com</a> <i><span style="font-size:8pt;font-family:'Arial Black',sans-serif">discovering the magic levers of best health</span></i></font></b></div></div><div><b><font color="#330099">Twitter </font></b><b><font color="#330099"><i><span style="font-size:8pt;font-family:'Arial Black',sans-serif">@healthhats</span></i></font></b></div></div>
</font></span></div>
<br>_______________________________________________<br>
Openid-specs-heart mailing list<br>
<a href="mailto:Openid-specs-heart@lists.openid.net">Openid-specs-heart@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-heart" rel="noreferrer" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-heart</a><br>
<br></blockquote></div><br></div>
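<p>An added example, not part of the thread or of the HEART draft: one way a Relying Party could check the acr and amr claims the quoted section 5 text describes, once the ID token's signature, iss, aud and exp have been validated. The function name, the acr URIs and the agreed amr vocabulary are constructed assumptions.</p>

```python
# Added example: RP-side check of acr/amr claims from an ID token whose
# signature, iss, aud and exp have already been validated elsewhere.

# Constructed values (assumptions): the vocabulary an OP and RP have agreed on,
# mapping each amr string to the factor class the RP takes it to mean.
AGREED_AMR = {"pwd": "knowledge", "otp": "possession"}
# Placeholder acr URIs; real deployments use the URIs their profile names.
ACCEPTED_ACR = {"https://op.example/acr/loa2", "https://op.example/acr/loa3"}


def check_auth_context(claims, accepted_acr=ACCEPTED_ACR,
                       agreed_amr=AGREED_AMR, min_factor_classes=1):
    """Return a list of problems; an empty list means the claims pass."""
    problems = []

    acr = claims.get("acr")
    if not isinstance(acr, str) or not acr:
        problems.append("acr missing or not a string")
    elif acr not in accepted_acr:
        problems.append("acr not accepted: " + acr)

    amr = claims.get("amr")
    # amr is an array of strings; a bare string such as "pwd" is malformed.
    if not isinstance(amr, list) or not amr:
        problems.append("amr missing or not a non-empty array")
        return problems
    if not all(isinstance(v, str) for v in amr):
        problems.append("amr contains a non-string value")
        return problems

    unknown = sorted(set(amr) - set(agreed_amr))
    if unknown:
        # Values outside the agreed vocabulary cannot be interpreted safely.
        problems.append("amr values not agreed with OP: " + ", ".join(unknown))

    # Count factor classes, not entries: ["pwd", "pwd"] is still one factor.
    classes = {agreed_amr[v] for v in amr if v in agreed_amr}
    if len(classes) < min_factor_classes:
        problems.append("only %d factor class(es), need %d"
                        % (len(classes), min_factor_classes))
    return problems


# Constructed sample claim sets.
MFA_TOKEN = {"acr": "https://op.example/acr/loa3", "amr": ["pwd", "otp"]}
PWD_ONLY = {"acr": "https://op.example/acr/loa3", "amr": ["pwd"]}
BARE_STRING = {"acr": "https://op.example/acr/loa2", "amr": "pwd"}
```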