From 99ef3d92a545c32efa1f1e0db274512c8ea878b7 Mon Sep 17 00:00:00 2001 From: Michael Jones Date: Sun, 25 Jan 2026 22:21:45 -0800 Subject: [PATCH 1/2] Apply editorial improvements originally made in 1.1 specs --- openid-federation-1_0.xml | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/openid-federation-1_0.xml b/openid-federation-1_0.xml index 647837e..d6c96ce 100644 --- a/openid-federation-1_0.xml +++ b/openid-federation-1_0.xml @@ -26,7 +26,7 @@ OpenID Federation 1.0 - - draft 47 + draft 48 - + OpenID Connect Working Group @@ -1422,13 +1422,13 @@ The Entity Type Identifier uniquely identifies the Entity Type of a federation participant and the metadata format for that Entity Type. This - section defines a federation_entity Entity + section defines the federation_entity Entity Type Identifier as well as identifiers for OpenID Connect and OAuth 2.0 Federation Entities. Additional Entity Type Identifiers MAY be defined to - support use cases outside OpenID Connect and OAuth 2.0 federations. + support use cases for other protocols.
@@ -6733,7 +6733,7 @@ GET /authorize? a client authentication method for the PAR endpoint MUST be used that proves possession of one of the RP's private keys. Furthermore, the corresponding public key MUST be in the - Entity's RP JWK Set. + Entity's RP JWK Set . The two applicable PAR client authentication methods are: @@ -7433,8 +7433,9 @@ HTTP/1.1 302 Found value in the response MUST be explicit-registration-response+jwt (and not entity-statement+jwt) - to prevent confusion between the Explicit Registration response - and other kinds of Entity Statements. + to prevent cross-JWT confusion between the Explicit Registration response + and other kinds of Entity Statements, + per Section 3.11 of .
@@ -11677,6 +11678,15 @@ Host: op.umu.se
[[ To be removed from the final specification ]] + + -48 + + + Applied editorial improvements originally made in the 1.1 specifications. + + + + -47 From 4ecc482ca585463deaab5708cacbf98b5f042c1c Mon Sep 17 00:00:00 2001 From: Michael Jones Date: Sat, 31 Jan 2026 10:46:03 -0800 Subject: [PATCH 2/2] Only list terms that are actually used --- openid-federation-1_0.xml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/openid-federation-1_0.xml b/openid-federation-1_0.xml index d6c96ce..b1bc99b 100644 --- a/openid-federation-1_0.xml +++ b/openid-federation-1_0.xml @@ -78,7 +78,7 @@ - + OpenID Connect Working Group @@ -232,7 +232,7 @@ by OpenID Connect Core 1.0, and the terms "Authorization Endpoint", "Authorization Server (AS)", "Client", "Client Authentication", "Client Identifier", "Client Secret", - "Grant Type", "Protected Resource", "Redirection URI", "Refresh Token", + "Protected Resource", "Redirection URI", "Refresh Token", "Resource Server (RS)", and "Token Endpoint" defined by OAuth 2.0. @@ -1117,7 +1117,9 @@ - In an OpenID Connect identity federation, an RP or an OP, + An Entity with no Subordinate Entities, + which typically plays a protocol role. + For instance, in an OpenID Connect identity federation, an RP or an OP, or in an OAuth 2.0 federation, a Client, Authorization Server, or Protected Resource. @@ -10406,7 +10408,7 @@ HTTP/1.1 302 Found - + @@ -10462,7 +10464,7 @@ HTTP/1.1 302 Found - +
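Review bot: In patch 1/2, hunk @@ -1422, the new wording "support use cases for other protocols" only makes sense with the preceding sentence in view, because "other" has no antecedent inside the MAY sentence itself. The removed text named OpenID Connect and OAuth 2.0 explicitly. Suggest "support use cases for protocols other than OpenID Connect and OAuth 2.0" so the normative sentence still reads correctly when quoted alone.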
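Review bot: In patch 1/2, hunk @@ -6733, the added line ends "Entity's RP JWK Set ." with a space before the full stop, where the removed line had "Entity's RP JWK Set." If a cross-reference was meant to follow "RP JWK Set", place it so the rendered sentence does not end in " ."; otherwise drop the space. This sentence carries the MUST about which public key proves possession at the PAR endpoint, so it is worth checking the rendered output here.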
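Review bot: In patch 1/2, hunk @@ -7433, the added rationale ends "per Section 3.11 of ." and the visible text names no document after "of". Please confirm the reference resolves to an entry in the references section and that Section 3.11 of that document is the one that motivates using explicit-registration-response+jwt rather than entity-statement+jwt. "cross-JWT confusion" is also new wording in this sentence; if the term is not defined elsewhere in the specification, the citation is its only explanation, which makes a dangling reference more costly.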
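Review bot: In patch 2/2, hunk @@ -232, "Grant Type" is dropped from the list of terms taken from OAuth 2.0 on the grounds given in the subject line ("Only list terms that are actually used"). Please confirm with a case-sensitive search of openid-federation-1_0.xml that the capitalized term no longer appears anywhere in the body, including examples and metadata descriptions, and apply the same check to the neighbouring terms that stay in the list ("Client Secret", "Refresh Token", "Redirection URI") so the list is consistent with the stated rule.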
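Review bot: In patch 2/2, hunk @@ -1117, the added lines change what a definition says ("An Entity with no Subordinate Entities, which typically plays a protocol role."), which is outside the scope of the subject line "Only list terms that are actually used" and is not covered by the -48 history entry added in patch 1/2, which mentions only editorial improvements. Suggest either splitting this into its own commit or extending the -48 history entry to mention it. Separately, the text that follows ("For instance, in an OpenID Connect identity federation, an RP or an OP, or in an OAuth 2.0 federation, a Client, Authorization Server, or Protected Resource.") is now a sentence fragment with no verb; something like "For instance, ... an RP or an OP is such an Entity" would fix it.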