Version 1.21.0 of the Consumer Data Standards was published on the 16th of December 2022.
Below is a summary of the changes included in V1.21.0. For a complete view it is recommended to read the Change Log on the Consumer Data Standards.
JARM Response Signing:
- The decision is the minimum set of signing algorithms is both PS256 and ES256.
- The decision is that Data Holders must support, at a minimum.
JARM Response Encryption
- The decision is the minimum set of encryption algorithms is [“RSA-OAEP”, “RSA-OAEP-256”] for the alg and [“A256GCM”, “A128CBC-HS256”] for the enc encryption values.
- The decision is Data Holders may support authorisation response encryption, but it is not required at this time. If Data Holders do support response encryption, then they must support the minimum set.
OpenID Provider Metadata
- The decision is to change OpenID Provider Metadata to list the required JARM parameters and conditional requirements for OIDC Hybrid Flow and ID token encryption.
Client Registration Properties
The decision is to change the Registration Properties to include JARM and Authorization Code Flow support.