diff --git a/openid-federation-1_0.xml b/openid-federation-1_0.xml
index 08342da..b24f280 100644
--- a/openid-federation-1_0.xml
+++ b/openid-federation-1_0.xml
@@ -509,6 +509,9 @@
kid (Key ID) header parameter
with its value being the Key ID of the signing key used.
+
+
+
The Claims in an Entity Statement are listed below.
Applications and protocols utilizing Entity Statements MAY specify
@@ -808,6 +811,8 @@
+
+
Entity Statements MUST be validated in the following manner.
@@ -982,6 +987,24 @@
to validate that this is the fetch endpoint
from which the Entity Statement was issued.
+
+ If the trust_chain header parameter is present,
+ validate that its value is a syntactically valid Trust Chain,
+ as specified in .
+ The first entry in the Trust Chain
+ MUST be an Entity Configuration for this Entity.
+ Implementations SHOULD validate that the Entity Identifier
+ for the Trust Anchor at the end of the Trust Chain matches
+ one of the Trust Anchors configured for the deployment.
+
+
+ If the peer_trust_chain header parameter is present,
+ validate that its value is a syntactically valid Trust Chain,
+ as specified in .
+ Implementations SHOULD validate that the Entity Identifier
+ for the Trust Anchor at the end of the Trust Chain matches
+ one of the Trust Anchors configured for the deployment.
+
If the aud Claim is present,
if the Entity Statement is an Explicit Registration request,
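Review bot: In both added items the only mandatory check is that the value is "a syntactically valid Trust Chain", while matching the final Trust Anchor against the configured ones is only a SHOULD. An implementation that stops at this step can therefore accept a well-formed chain that ends at an unconfigured Trust Anchor. Since the text is being relocated anyway, consider stating here that passing this step does not by itself establish trust, and, if full validation of the chain is required elsewhere in the document, referencing that section from these items. Separately, the peer_trust_chain item has no counterpart to "The first entry in the Trust Chain MUST be an Entity Configuration for this Entity"; say which Entity its first entry must describe, or state explicitly that no such binding is checked at this step, so the asymmetry with trust_chain reads as intentional.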
@@ -1006,24 +1029,6 @@
Explicit Registration responses
unless its use is otherwise specified in an extension being employed.
-
- If the trust_chain header parameter is present,
- validate that its value is a syntactically valid Trust Chain,
- as specified in .
- The first entry in the Trust Chain
- MUST be an Entity Configuration for this Entity.
- Implementations SHOULD validate that the Entity Identifier
- for the Trust Anchor at the end of the Trust Chain matches
- one of the Trust Anchors configured for the deployment.
-
-
- If the peer_trust_chain header parameter is present,
- validate that its value is a syntactically valid Trust Chain,
- as specified in .
- Implementations SHOULD validate that the Entity Identifier
- for the Trust Anchor at the end of the Trust Chain matches
- one of the Trust Anchors configured for the deployment.
-
@@ -7840,23 +7845,23 @@ HTTP/1.1 302 Found
-
+
- The application/explicit-registration-response+jwt
+ The application/trust-mark-status-response+jwt
media type is used to specify that the associated content is
- an Explicit Registration response, as defined in .
+ a Trust Mark Status Response,
+ as defined in .
No parameters are used with this media type.
-
+
- The application/trust-mark-status-response+jwt
+ The application/explicit-registration-response+jwt
media type is used to specify that the associated content is
- a Trust Mark Status Response,
- as defined in .
+ an Explicit Registration response, as defined in .
No parameters are used with this media type.
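Review bot: Style point on the two swapped registrations: one reads "a Trust Mark Status Response" with "Response" capitalized, the other "an Explicit Registration response" with "response" in lower case. The paragraphs are otherwise parallel and the same entry elsewhere in this patch mentions making titles more consistent, so it would be worth picking one capitalization for both while these lines are being touched. The line wrapping of "as defined in" also differs between the two paragraphs; aligning it keeps future diffs of this pair smaller.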
@@ -11510,6 +11515,10 @@ Host: op.umu.se
Made section and figure titles more consistent.
+
+
+ Reordered some text to group protocol-independent text together
+ and protocol-specific text together.
Applied suggestions from Nat Sakimura improving the descriptions of
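Review bot: The new history entry "Reordered some text to group protocol-independent text together and protocol-specific text together" does not say what moved. This patch relocates the trust_chain and peer_trust_chain validation steps within the Entity Statement validation list and swaps the order of two media type registrations; naming those in the entry, and saying that the wording of the moved steps is unchanged, would let implementers confirm from the history alone that only the position of the steps changed and not the requirements themselves.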