Merge pull request #187 from selfissued/mbj-passing-request-objects

selfissued · web-flow · commit 023e5e6524b1 · 2025-02-26T09:19:17.000Z
Request Objects can be passed by value or by reference
diff --git a/openid-federation-1_0.xml b/openid-federation-1_0.xml
@@ -5798,9 +5798,9 @@ Content-Type: application/json
         <section anchor="authn-request" title="Authentication Request">
           <t>
             The Authentication Request is performed by passing a
-            signed Request Object by value as described in Section 6.1 of
+            Request Object by value or by reference, as described in Section 6 of
             <xref target="OpenID.Core">OpenID Connect Core 1.0</xref>
-	    and <xref target="RFC9101">The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR)</xref>
+	    and <xref target="RFC9101">The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR)</xref>,
             or using a pushed authorization request, as described in
             <xref target="RFC9126">Pushed Authorization Requests</xref>.
 	  </t>
@@ -10045,6 +10045,9 @@ Host: op.umu.se
       <t>
 	-42
 	<list style="symbols">
+	  <t>
+	    Fixed #184: Clarified that Request Objects can be passed by value or by reference.
+	  </t>
       <t>
         Fixed #178: Clarify that other client methods (than automatic and explicit) are allowed.
       </t>
