[Openid-specs-risc] RISC event URIs

Hardt, Dick dick at amazon.com
Tue Apr 11 21:34:01 UTC 2017 

I think the format of these should be decided in secevent.

I think your proposal of secevents starting with “urn:ietf:params:secevent:event-type:” is one worth proposing in secevent.

"urn:ietf:params:secevent:aud-client-id:<client-id>" is clearly a secevent discussion item

/Dick

On 4/11/17, 2:16 PM, someone claiming to be "Marius Scurtescu" <mscurtescu at google.com<mailto:mscurtescu at google.com>> wrote:

"urn:ietf:params:secevent:event-type:risc:sessions-revoked" would be an event URI, the key under the "events" claim

"urn:ietf:params:secevent:aud-client-id:<client-id>" would be the aud claim, and this solves the "SET re-played as an access token" issue


Marius

On Tue, Apr 11, 2017 at 2:07 PM, Hardt, Dick <dick at amazon.com<mailto:dick at amazon.com>> wrote:
Where are you thinking this is in the secevent SET Marius?

On 4/11/17, 10:56 AM, someone claiming to be "Openid-specs-risc on behalf of Marius Scurtescu" <openid-specs-risc-bounces at lists.openid.net<mailto:openid-specs-risc-bounces at lists.openid.net> on behalf of mscurtescu at google.com<mailto:mscurtescu at google.com>> wrote:

While talking about events, we should also decide how the event URI will look like for RISC.

I propose we use URN sub-delegation for "ietf" namespace (RFC 3553), something like:
urn:ietf:params:secevent:event-type:risc:sessions-revoked
urn:ietf:params:secevent:event-type:risc:tokens-revoked
urn:ietf:params:secevent:event-type:risc:account-deleted
urn:ietf:params:secevent:event-type:risc:all ?

Maybe instead of "event-type" in the above URNs we should use "profile"? Since "risc" above signifies a whole class of event type and not a particular one:
urn:ietf:params:secevent:profile:risc:sessions-revoked
...

We can use this scheme for other RISC related URNs, like a prefixed aud:
urn:ietf:params:secevent:aud-client-id:<client-id>

Thoughts?

Marius

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20170411/2743d635/attachment.html>

More information about the Openid-specs-risc mailing list