...
- Breaking changes:
- Scope identifiers for PAT and AAT now use https instead of http
- Section 1.4: Changed the claim_profiles_supported property in the configuration data to claim_token_profiles_supported
- Section 1.4: Changed the user_endpoint property in the configuration data to authorization_endpoint, to match the final IETF RFC 6749 name in OAuth 2.0
- Section 1.4: Changed the authorization_request_endpoint property in the configuration data to rpt_endpoint, to distinguish it more fully from the OAuth endpoint and to shorten it
- Changes of note:
- Identifiers for spec-defined profiles now use https instead of http
- Migrated the claim profiling spec's requesting party claims endpoint configuration data to the core spec, and made it optional to supply.
- Migrated the claim profiling spec's "need_claims" extensions to the core spec, broadened it to "need_info", and gave it "error_details" hints in the core spec.
From Claim Profiles 00 to 01 (not yet published):
- Breaking changes:
- "type" and "value" JSON body properties changed to "claim_format" and "claim_body".
- Changes of note:
- Identifiers for claim profiles now use full URIs instead of strings and URIs have been shortened somewhat.
- Lots of content removed and rearranged in the spec.
...:
- We decided not to progress this specification in its current form, so we will let it expire and will not reference it from Core.
From RSR rev 03 to rev 04:
- Removed the "status: xxx" property from all the AS responses in the RSR API.
From RSR rev 04 to rev 05:
- Changes of note:
- Added a new optional resource_uri parameter to the resource set description, to support resource discovery at an authorization server.