Removed outdated statements and examples

Addresses: ConsumerDataStandardsAustralia/standards-maintenance#543

slate/source/includes/releasenotes/releasenotes.1.30.0.html.md

@@ -21,7 +21,7 @@ This release addresses the following minor defects raised on [Standards Staging]
 
 This release addresses the following change requests raised on [Standards Maintenance](https://github.com/ConsumerDataStandardsAustralia/standards-maintenance/issues):
 
-- [Standards Maintenance #XXX - Title](https://github.com/ConsumerDataStandardsAustralia/standards-maintenance/issues/XXX)
+- [Standards Maintenance #543 - refresh_token_expires_at and sharing_expires_at claims listed as MUST be supported](https://github.com/ConsumerDataStandardsAustralia/standards-maintenance/issues/543)
 
 
 ### Decision Proposals
@@ -56,6 +56,7 @@ This release addresses the following Decision Proposals published on [Standards]
 ## Information Security Profile
 |Change|Description|Link|
 |------|-----------|----|
+| Removed outdated statements | [**Standards Maintenance #543**](https://github.com/ConsumerDataStandardsAustralia/standards-maintenance/issues/543): Removed outdated statements related to the `refresh_token_expires_at` and `sharing_expires_at` claims | [Scopes and Claims](../../#scopes-and-claims)<br>[Request Object](../../#request-object)
 
 
 ## Register Standards

slate/source/includes/security/_consent.md

@@ -13,7 +13,6 @@ In addition to CDR data scopes the following scopes **MUST** be supported:
 
 ### Claims
 
-
 The following [normal](https://openid.net/specs/openid-connect-core-1_0.html#NormalClaims) **[[OIDC]](#nref-OIDC)** and [standard claims](https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims) claims **MUST** be supported for the authenticated End-User*:
 
 - `sub`: [Pairwise Pseudonymous Identifier (PPID)](#identifiers) for the End-User at the Data Holder.
@@ -24,10 +23,15 @@ The following [normal](https://openid.net/specs/openid-connect-core-1_0.html#Nor
 - `family_name`: Surname(s) or last name(s) of the End-User.
 - `updated_at`: Time the End-User's information was last updated. Its value is a JSON number representing the number of seconds from 1970-01-01T00:00:00Z to the UTC `updated_at` time.
 
-The following additional claims **MUST** be supported:
+```diff
+Removed outdated statements and Non-normative Examples referring to the `refresh_token_expires_at` and `sharing_expires_at` in the following sections:
+* Security Profile > Scopes and Claims > Claims
+* Security Profile > Tokens
+* Security Profile > Identifiers and Subject Types
+* Security Profile > Security Endpoints > OpenID Provider Configuration End Point
+* Security Profile > Security Endpoints > Authorisation End Point
 
-- `refresh_token_expires_at`: indicates the date-time at which the most recently provided refresh token will expire. Its value **MUST** be a number containing a NumericDate value, as specified in section 2 of [section 2](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-2) **[[JWT]](#nref-JWT)**.  If no refresh token has been provided then a zero value should be returned.
-- `sharing_expires_at`: indicates the date-time at which the current sharing arrangement will expire. Its value **MUST** be a number containing a NumericDate value, as specified in [section 2](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-2) of **[[JWT]](#nref-JWT)**.  If consent is not complete or a `sharing_duration` was not requested in the authorisation request object then a zero value should be returned.
+```
 
 The following standard **[[OIDC]](#nref-OIDC)** claims **MAY** be supported:
 

slate/source/includes/security/_identifiers_and_subject_types.md

@@ -42,24 +42,6 @@ client_id=s6BhdRkqt3
 }
 ```
 
-> Decoded JWT
-
-```
-{
-  "iss": "https://data.holder.com.au",
-  "sub": "a9ebbef6-1f0b-44eb-96cf-0c5b51b37ab2",
-  "aud": "12345",
-  "nonce": "n-0S6_WzA2Mj",
-  "exp": 1311281970,
-  "iat": 1311280970,
-  "nbf": 1311280970,
-  "auth_time": 1311280969,
-  "acr": "urn:cds.au:cdr:3",
-  "refresh_token_expires_at": 1311281970,
-  "sharing_expires_at": 1311281970
-}
-```
-
 > Decoded JWT - FAPI 1.0 Final Phase 3 Obligation  
 
 ```

slate/source/includes/security/_request_object.md

@@ -91,7 +91,13 @@ To accomplish this, the Data Holder **MUST** support an additional claim in the
 
 Note that the period of `one year` in the above statements **SHOULD** be interpreted as 365, 24 hour days (or 31,536,000 seconds).
 
-The Data Recipient Software Product is able to obtain the expiration of sharing via the `sharing_expires_at` claim.
+```diff
+Updated statement referring to the `sharing_expires_at` claim, replacing it with a reference to the `exp` field:
+- The Data Recipient Software Product is able to obtain the expiration of sharing via the `sharing_expires_at` claim.
++ The Data Recipient Software Product is able to obtain the expiration of sharing via the `exp` field in tokens and the introspection endpoint.
+```
+
+The Data Recipient Software Product is able to obtain the expiration of sharing via the `exp` field in tokens and the introspection endpoint.
 
 ### Specifying an existing arrangement
 Provided a Data Holder supports PAR, they **MUST** also support the ``cdr_arrangement_id`` claim provided in the Request Object sent to the [PAR End Point](#pushed-authorisation-end-point). The Data Recipient Software Product **MAY** provide the ``cdr_arrangement_id`` claim in the Request Object sent to the [PAR End Point](#pushed-authorisation-end-point).

slate/source/includes/security/_tokens.md

@@ -1,24 +1,6 @@
 ## Tokens  
 ### ID Token
 
-> Non-Normative Example - acr
-
-```
-{
-  "iss": "https://www.holder.com.au",
-  "sub": "a9ebbef6-1f0b-44eb-96cf-0c5b51b37ab2",
-  "aud": "12345",
-  "nonce": "n-0S6_WzA2Mj",
-  "exp": 1311281970,
-  "iat": 1311280970,
-  "nbf": 1311280970,
-  "auth_time": 1311280969,
-  "acr": "urn:cds.au:cdr:3",
-  "refresh_token_expires_at": 1311281970,
-  "sharing_expires_at": 1311281970
-}
-```
-
 > Non-Normative Example - FAPI 1.0 Final Phase 3 Obligations
 
 ```

slate/source/includes/security/endpoints/_authorisation.md

@@ -39,12 +39,6 @@ Host: www.holder.com.au
       "acr": {
         "essential": true,
         "values": ["urn:cds.au:cdr:2"]
-      },
-      "refresh_token_expires_at": {
-        "essential": true
-      },
-      "sharing_expires_at": {
-        "essential": true
       }
     }
   }

slate/source/includes/security/endpoints/_oidc_provider_configuration.md

@@ -15,7 +15,7 @@ Content-Type: application/json
 {
   "acr_values_supported": ["urn:cds.au:cdr:2","urn:cds.au:cdr:3"],
   "authorization_endpoint": "https://www.dh.com.au/authorise",
-  "claims_supported": ["name", "given_name", "family_name", "acr", "auth_time", "sub", "refresh_token_expires_at", "sharing_expires_at"],
+  "claims_supported": ["name", "given_name", "family_name", "acr", "auth_time", "sub"],
   "grant_types_supported": ["authorization_code", "client_credentials", "urn:openid:params:modrna:grant-type:backchannel_request"],
   "id_token_encryption_alg_values_supported": [ "RSA-OAEP", "RSA-OAEP-256", "dir", "ECDH-ES", "ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES+A256KW", "A128KW", "A192KW", "A256KW", "A128GCMKW", "A192GCMKW", "A256GCMKW" ],
   "id_token_encryption_enc_values_supported": [ "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512", "A128GCM", "A192GCM", "A256GCM" ],