[Openid-specs-risc] RISC event URIs
Marius Scurtescu
mscurtescu at google.com
Tue Apr 11 21:16:26 UTC 2017
"urn:ietf:params:secevent:event-type:risc:sessions-revoked" would be an
event URI, the key under the "events" claim
"urn:ietf:params:secevent:aud-client-id:<client-id>" would be the aud
claim, and this solves the "SET re-played as an access token" issue
Marius
On Tue, Apr 11, 2017 at 2:07 PM, Hardt, Dick <dick at amazon.com> wrote:
> Where are you thinking this is in the secevent SET Marius?
>
>
>
> On 4/11/17, 10:56 AM, someone claiming to be "Openid-specs-risc on behalf
> of Marius Scurtescu" <openid-specs-risc-bounces at lists.openid.net on
> behalf of mscurtescu at google.com> wrote:
>
>
>
> While talking about events, we should also decide how the event URI will
> look like for RISC.
>
>
>
> I propose we use URN sub-delegation for "ietf" namespace (RFC 3553),
> something like:
>
> urn:ietf:params:secevent:event-type:risc:sessions-revoked
>
> urn:ietf:params:secevent:event-type:risc:tokens-revoked
>
> urn:ietf:params:secevent:event-type:risc:account-deleted
>
> urn:ietf:params:secevent:event-type:risc:all ?
>
>
>
> Maybe instead of "event-type" in the above URNs we should use "profile"?
> Since "risc" above signifies a whole class of event type and not a
> particular one:
>
> urn:ietf:params:secevent:profile:risc:sessions-revoked
>
> ...
>
>
>
> We can use this scheme for other RISC related URNs, like a prefixed aud:
>
> urn:ietf:params:secevent:aud-client-id:<client-id>
>
>
>
> Thoughts?
>
>
>
> Marius
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20170411/eea40ba3/attachment.html>
More information about the Openid-specs-risc
mailing list