[Openid-specs-risc] RISC event URIs

Marius Scurtescu mscurtescu at google.com
Tue Apr 11 22:45:09 UTC 2017


Let's move the discussion to id-event at ietf.org
https://mailarchive.ietf.org/arch/msg/id-event/XiwMlWg8-wueh_9om494Ci_to3I

Marius

On Tue, Apr 11, 2017 at 3:17 PM, William Denniss <wdenniss at google.com>
wrote:

> Since it's a global namespace, we could simply allow for both by only
> specifying it as "URI".  That way, URNs can be used for events that have
> standards, and URLs used for privately defined ones.
>
> On Tue, Apr 11, 2017 at 2:58 PM, Phil Hunt (IDM) <phil.hunt at oracle.com>
> wrote:
>
>> This was discussed at length with Mike Jones and William Denniss and
>> others (Justin, John) in Argentina. They lobbied hard for URI-based
>> identifiers and against URNs, which is what the spec at the time had.
>>
>> We can put the text back if the consensus has changed.
>>
>> Phil
>>
>> On Apr 11, 2017, at 2:37 PM, Marius Scurtescu <mscurtescu at google.com>
>> wrote:
>>
>> Good point, will start the discussion on the secevent list.
>>
>> Marius
>>
>> On Tue, Apr 11, 2017 at 2:34 PM, Hardt, Dick <dick at amazon.com> wrote:
>>
>>> I think the format of these should be decided in secevent.
>>>
>>>
>>>
>>> I think your proposal of secevents starting with
>>> “urn:ietf:params:secevent:event-type:” is one worth proposing in
>>> secevent.
>>>
>>>
>>>
>>> "urn:ietf:params:secevent:aud-client-id:<client-id>" is clearly a
>>> secevent discussion item
>>>
>>>
>>>
>>> /Dick
>>>
>>>
>>>
>>> On 4/11/17, 2:16 PM, someone claiming to be "Marius Scurtescu" <
>>> mscurtescu at google.com> wrote:
>>>
>>>
>>>
>>> "urn:ietf:params:secevent:event-type:risc:sessions-revoked" would be an
>>> event URI, the key under the "events" claim
>>>
>>>
>>>
>>> "urn:ietf:params:secevent:aud-client-id:<client-id>" would be the aud
>>> claim, and this solves the "SET re-played as an access token" issue
>>>
>>>
>>>
>>>
>>> Marius
>>>
>>>
>>>
>>> On Tue, Apr 11, 2017 at 2:07 PM, Hardt, Dick <dick at amazon.com> wrote:
>>>
>>> Where are you thinking this is in the secevent SET, Marius?
>>>
>>>
>>>
>>> On 4/11/17, 10:56 AM, someone claiming to be "Openid-specs-risc on
>>> behalf of Marius Scurtescu" <openid-specs-risc-bounces at lists.openid.net
>>> on behalf of mscurtescu at google.com> wrote:
>>>
>>>
>>>
>>> While talking about events, we should also decide what the event URI will
>>> look like for RISC.
>>>
>>>
>>>
>>> I propose we use URN sub-delegation for "ietf" namespace (RFC 3553),
>>> something like:
>>>
>>> urn:ietf:params:secevent:event-type:risc:sessions-revoked
>>>
>>> urn:ietf:params:secevent:event-type:risc:tokens-revoked
>>>
>>> urn:ietf:params:secevent:event-type:risc:account-deleted
>>>
>>> urn:ietf:params:secevent:event-type:risc:all ?
>>>
>>>
>>>
>>> Maybe instead of "event-type" in the above URNs we should use "profile"?
>>> Since "risc" above signifies a whole class of event types and not a
>>> particular one:
>>>
>>> urn:ietf:params:secevent:profile:risc:sessions-revoked
>>>
>>> ...
>>>
>>>
>>>
>>> We can use this scheme for other RISC related URNs, like a prefixed aud:
>>>
>>> urn:ietf:params:secevent:aud-client-id:<client-id>
>>>
>>>
>>>
>>> Thoughts?
>>>
>>>
>>>
>>> Marius
>>>
>>>
>>>
>>
>
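
The claim checks discussed in the thread, as an added example that is not part of any message above or of any specification: it shows why a prefixed `aud` keeps a SET from being accepted as an access token. The URN prefixes are the ones proposed in the thread (not registered values); the function names, client id, issuer and the extra `events` check are assumptions, and the claims are assumed to be already signature-verified.

```python
# Added example. URN prefixes are the thread's proposals, not registered values.
EVENT_PREFIX = "urn:ietf:params:secevent:event-type:risc:"
AUD_PREFIX = "urn:ietf:params:secevent:aud-client-id:"
KNOWN_EVENTS = {EVENT_PREFIX + name for name in
                ("sessions-revoked", "tokens-revoked", "account-deleted")}


def _aud_list(claims):
    """Return the aud claim as a list (JWT allows a string or an array)."""
    aud = claims.get("aud")
    return [aud] if isinstance(aud, str) else list(aud or [])


def check_set_claims(claims, my_client_id):
    """SET receiver: aud must be the prefixed URN, event keys must be known."""
    if AUD_PREFIX + my_client_id not in _aud_list(claims):
        return False, "aud is not the prefixed URN for this client"
    events = claims.get("events")
    if not isinstance(events, dict) or not events:
        return False, "missing events claim"
    unknown = sorted(set(events) - KNOWN_EVENTS)
    if unknown:
        return False, "unknown event URI: " + unknown[0]
    return True, "ok"


def check_access_token_claims(claims, my_audience):
    """Resource server: refuse a replayed SET before the normal aud match."""
    auds = _aud_list(claims)
    if any(a.startswith(AUD_PREFIX) for a in auds):
        return False, "aud carries the SET prefix"
    if "events" in claims:  # extra check, an assumption not from the thread
        return False, "events claim present"
    if my_audience not in auds:
        return False, "aud mismatch"
    return True, "ok"


# Constructed sample claims (hypothetical issuer and client id).
SAMPLE_SET = {
    "iss": "https://idp.example",
    "aud": AUD_PREFIX + "client-123",
    "events": {EVENT_PREFIX + "sessions-revoked": {}},
}
SAMPLE_ACCESS_TOKEN = {"iss": "https://idp.example", "aud": "client-123"}
```

Even without the explicit prefix test, an exact-match `aud` comparison against the bare client id fails for the SET, which is the property the prefixed audience was proposed to provide.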