[Openid-specs-risc] Fwd: New Version Notification for draft-hunt-idevent-token-04.txt

Phil Hunt phil.hunt at oracle.com
Thu Sep 1 17:28:03 UTC 2016


Based on input this week, I have posted draft 04.

Highlights include:
   o  Re-added the "sub" claim with clarifications that any SET type may
      use it.
   o  Added additional clarification on the use of envelope vs. paylaod
      attributes
   o  Added security consideration for event timing.
   o  Switched use of "attribute" to "claim" for consistency.
   o  Revised examples to put "sub" claim back in the top level.
   o  Added clarification that SETs typically do not use "exp".
   o  Added security consideration for distinguishing Access Tokens and
      SETs.

Thanks for the great reviews. I think we are getting close to consensus on this.

Phil

@independentid
www.independentid.com <http://www.independentid.com/>phil.hunt at oracle.com <mailto:phil.hunt at oracle.com>





> Begin forwarded message:
> 
> From: internet-drafts at ietf.org
> Subject: New Version Notification for draft-hunt-idevent-token-04.txt
> Date: September 1, 2016 at 10:22:30 AM PDT
> To: "William Denniss" <wdenniss at google.com>, "Phil Hunt" <phil.hunt at yahoo.com>, <none-chairs at ietf.org>, "Michael B. Jones" <mbj at microsoft.com>, "Morteza Ansari" <morteza.ansari at cisco.com>, "Michael Jones" <mbj at microsoft.com>
> 
> 
> A new version of I-D, draft-hunt-idevent-token-04.txt
> has been successfully submitted by Phil Hunt and posted to the
> IETF repository.
> 
> Name:		draft-hunt-idevent-token
> Revision:	04
> Title:		Security Event Token (SET)
> Document date:	2016-09-01
> Group:		Individual Submission
> Pages:		17
> URL:            https://www.ietf.org/internet-drafts/draft-hunt-idevent-token-04.txt
> Status:         https://datatracker.ietf.org/doc/draft-hunt-idevent-token/
> Htmlized:       https://tools.ietf.org/html/draft-hunt-idevent-token-04
> Diff:           https://www.ietf.org/rfcdiff?url2=draft-hunt-idevent-token-04
> 
> Abstract:
>   This specification defines the Security Event token, which may be
>   distributed via a protocol such as HTTP.  The Security Event Token
>   (SET) specification profiles the JSON Web Token (JWT) and may be
>   optionally signed and/or encrypted.  A SET describes a statement of
>   fact that may be shared by an event publisher with event subscribers.
> 
> 
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> The IETF Secretariat
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20160901/984a6e6b/attachment.html>


More information about the Openid-specs-risc mailing list