[Openid-specs-risc] RISC event URIs

Phil Hunt (IDM) phil.hunt at oracle.com
Tue Apr 11 21:58:19 UTC 2017


This was discussed at length with Mike Jones and William Dennis and others (Justin, John) in Argentina. They lobbied hard for URI-based identifiers and against URNs, which is what the spec at the time had.

We can put the text back if the consensus has changed. 

Phil

> On Apr 11, 2017, at 2:37 PM, Marius Scurtescu <mscurtescu at google.com> wrote:
> 
> Good point, will start the discussion on the secevent list.
> 
> Marius
> 
>> On Tue, Apr 11, 2017 at 2:34 PM, Hardt, Dick <dick at amazon.com> wrote:
>> I think the format of these should be decided in secevent.
>> 
>>  
>> 
>> I think your proposal of secevents starting with “urn:ietf:params:secevent:event-type:” is one worth proposing in secevent.
>> 
>>  
>> 
>> "urn:ietf:params:secevent:aud-client-id:<client-id>" is clearly a secevent discussion item
>> 
>>  
>> 
>> /Dick
>> 
>>  
>> 
>> On 4/11/17, 2:16 PM, someone claiming to be "Marius Scurtescu" <mscurtescu at google.com> wrote:
>> 
>>  
>> 
>> "urn:ietf:params:secevent:event-type:risc:sessions-revoked" would be an event URI, the key under the "events" claim
>> 
>>  
>> 
>> "urn:ietf:params:secevent:aud-client-id:<client-id>" would be the aud claim, and this solves the "SET re-played as an access token" issue
>> 
>>  
>> 
>> 
>> 
>> Marius
>> 
>>  
>> 
>> On Tue, Apr 11, 2017 at 2:07 PM, Hardt, Dick <dick at amazon.com> wrote:
>> 
>> Where are you thinking this is in the secevent SET Marius?
>> 
>>  
>> 
>> On 4/11/17, 10:56 AM, someone claiming to be "Openid-specs-risc on behalf of Marius Scurtescu" <openid-specs-risc-bounces at lists.openid.net on behalf of mscurtescu at google.com> wrote:
>> 
>>  
>> 
>> While talking about events, we should also decide what the event URI will look like for RISC.
>> 
>>  
>> 
>> I propose we use URN sub-delegation for "ietf" namespace (RFC 3553), something like:
>> 
>> urn:ietf:params:secevent:event-type:risc:sessions-revoked
>> 
>> urn:ietf:params:secevent:event-type:risc:tokens-revoked
>> 
>> urn:ietf:params:secevent:event-type:risc:account-deleted
>> 
>> urn:ietf:params:secevent:event-type:risc:all ?
>> 
>>  
>> 
>> Maybe instead of "event-type" in the above URNs we should use "profile"? Since "risc" above signifies a whole class of event types and not a particular one:
>> 
>> urn:ietf:params:secevent:profile:risc:sessions-revoked
>> 
>> ...
>> 
>>  
>> 
>> We can use this scheme for other RISC related URNs, like a prefixed aud:
>> 
>> urn:ietf:params:secevent:aud-client-id:<client-id>
>> 
>>  
>> 
>> Thoughts?
>> 
>>  
>> 
>> Marius
>> 
>>  
>> 
> 
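The following is an added example, not part of any message in this thread. It shows how the prefixed aud proposed above would let a resource server refuse a SET presented as an access token, and how a SET receiver would check the same claims. The URN prefixes are the proposals quoted in the thread, not registered identifiers; the function names, the sample claims and the extra "events" check are assumptions, and signature verification is assumed to have happened already.

```python
# Added illustration; the URN prefixes are the proposals quoted in this thread,
# not registered identifiers. Function names and sample values are hypothetical.
EVENT_PREFIX = "urn:ietf:params:secevent:event-type:"
AUD_PREFIX = "urn:ietf:params:secevent:aud-client-id:"


def _aud_values(claims):
    """Return the aud claim as a list (a JWT aud may be a string or an array)."""
    aud = claims.get("aud", [])
    return [aud] if isinstance(aud, str) else list(aud)


def accept_as_set(claims, my_client_id):
    """SET receiver: require the prefixed aud for this client and prefixed event URNs."""
    if AUD_PREFIX + my_client_id not in _aud_values(claims):
        return False
    events = claims.get("events")
    if not isinstance(events, dict) or not events:
        return False
    return all(isinstance(k, str) and k.startswith(EVENT_PREFIX) for k in events)


def accept_as_access_token(claims, my_resource_id):
    """Resource server: a token whose aud carries the SET prefix is never accepted."""
    auds = _aud_values(claims)
    if any(isinstance(a, str) and a.startswith(AUD_PREFIX) for a in auds):
        return False  # audience is marked as a SET audience
    if "events" in claims:
        return False  # assumption beyond the thread: also reject SET-shaped payloads
    return my_resource_id in auds


# Constructed sample claims (not taken from the thread).
SAMPLE_SET = {
    "iss": "https://issuer.example",
    "aud": AUD_PREFIX + "client-123",
    "iat": 1491947899,
    "jti": "constructed-jti-1",
    "events": {EVENT_PREFIX + "risc:sessions-revoked": {"sub": "user-42"}},
}
SAMPLE_ACCESS_TOKEN = {
    "iss": "https://issuer.example",
    "aud": "client-123",
    "sub": "user-42",
    "exp": 1491951499,
}
```

Because the SET's aud is the prefixed URN rather than the bare client id, an exact aud comparison at the resource server already fails; the explicit prefix check makes that refusal deliberate rather than incidental.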