[Openid-specs-risc] RISC Event Types

Marius Scurtescu mscurtescu at google.com
Fri Feb 2 23:17:43 UTC 2018


Hi,

Here are the proposed RISC Event Types, please review and comment.

The document is at https://bitbucket.org/openid/risc/src
in risc-event-types.xml.

Have a great weekend,
Marius




                                                            M. Scurtescu
                                                                  Google
                                                              A. Backman
                                                                  Amazon
                                                                 P. Hunt
                                                                  Oracle
                                                              J. Bradley
                                                                  Yubico
                                                        January 29, 2018


                            RISC Event Types
                          risc-event-types-00

Abstract

   This document defines the RISC Event Types.  Event Types are
   introduced and defined in Security Event Token (SET) [SET].

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   1
     1.1.  Notational Conventions  . . . . . . . . . . . . . . . . .   2
   2.  Event Types . . . . . . . . . . . . . . . . . . . . . . . . .   2
     2.1.  Account Credential Change Required  . . . . . . . . . . .   2
     2.2.  Account Deleted . . . . . . . . . . . . . . . . . . . . .   3
     2.3.  Account Disabled  . . . . . . . . . . . . . . . . . . . .   3
     2.4.  Account Enabled . . . . . . . . . . . . . . . . . . . . .   4
     2.5.  Identifier Changed  . . . . . . . . . . . . . . . . . . .   4
     2.6.  Identifier Recycled . . . . . . . . . . . . . . . . . . .   5
     2.7.  Opt Out . . . . . . . . . . . . . . . . . . . . . . . . .   6
       2.7.1.  Opt In  . . . . . . . . . . . . . . . . . . . . . . .   7
       2.7.2.  Opt Out Initiated . . . . . . . . . . . . . . . . . .   7
       2.7.3.  Opt Out Cancelled . . . . . . . . . . . . . . . . . .   8
       2.7.4.  Opt Out Effective . . . . . . . . . . . . . . . . . .   8
     2.8.  Recovery Activated  . . . . . . . . . . . . . . . . . . .   8
     2.9.  Recovery Information Changed  . . . . . . . . . . . . . .   8
     2.10. Sessions Revoked  . . . . . . . . . . . . . . . . . . . .   9
   3.  Normative References  . . . . . . . . . . . . . . . . . . . .   9
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   9

1.  Introduction

   This specification is based on RISC Profile [RISC-PROFILE] and uses
   the subject identifiers defined there.






Scurtescu, et al.        Expires August 2, 2018                 [Page 1]


                            risc-event-types                January 2018


1.1.  Notational Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

2.  Event Types

   The base URI for RISC event types is:
   http://schemas.openid.net/secevent/risc/event-type/

2.1.  Account Credential Change Required

   Event Type URI:
   http://schemas.openid.net/secevent/risc/event-type/account-
   credential-change-required

   Account Credential Change Required signals that the account
   identified by the subject was required to change a credential.  For
   example the user was required to go through a password change.

   Attributes: none

   {
     "iss": "https://idp.example.com/",
     "jti": "756E69717565206964656E746966696572",
     "iat": 1508184845,
     "aud": "636C69656E745F6964",
     "events": {
       "http://schemas.openid.net/secevent/risc/event-type/\
       account-credential-change-required": {
         "subject": {
           "subject_type": "iss-sub",
           "iss": "https://idp.example.com/",
           "sub": "7375626A656374"
         }
       }
     }
   }

   _(the event type URI is wrapped, the backslash is the continuation
   character)_

           Figure 1: Example: Account Credential Change Required


2.2.  Account Deleted

   Event Type URI:
   http://schemas.openid.net/secevent/risc/event-type/account-deleted

   Account Deleted signals that the account identified by the subject
   has been permanently deleted.

   Attributes: none

2.3.  Account Disabled

   Event Type URI:
   http://schemas.openid.net/secevent/risc/event-type/account-disabled

   Account Disabled signals that the account identified by the subject
   has been disabled.  The actual reason why the account was disabled
   might be specified with the nested 'reason' attribute described
   below.  The account may be enabled (Section 2.4) in the future.

   Attributes:

   o  reason - optional, describes why the account was disabled.
      Possible values:

      *  hijacking

      *  bulk-account

   o  cause-time - the time of the initial cause that led to the account
      being disabled.  In most cases this is an estimated time, for
      example the estimated time of the hijacking.  This is before the
      event time.


   {
     "iss": "https://idp.example.com/",
     "jti": "756E69717565206964656E746966696572",
     "iat": 1508184845,
     "aud": "636C69656E745F6964",
     "events": {
       "http://schemas.openid.net/secevent/risc/event-type/\
       account-disabled": {
         "subject": {
           "subject_type": "iss-sub",
           "iss": "https://idp.example.com/",
           "sub": "7375626A656374"
         },
         "reason": "hijacking",
         "cause-time": 1508012752
       }
     }
   }

   _(the event type URI is wrapped, the backslash is the continuation
   character)_

                    Figure 2: Example: Account Disabled

2.4.  Account Enabled

   Event Type URI:
   http://schemas.openid.net/secevent/risc/event-type/account-enabled

   Account Enabled signals that the account identified by the subject
   has been enabled.

   Attributes: none

2.5.  Identifier Changed

   Event Type URI:
   http://schemas.openid.net/secevent/risc/event-type/identifier-changed

   Identifier Changed signals that the identifier specified in the
   subject has changed.  The subject's type MUST be either 'email' or
   'phone' and it MUST specify the old value.

   Attributes:

   o  new-value - required, the new value of the identifier.


   {
     "iss": "https://idp.example.com/",
     "jti": "756E69717565206964656E746966696572",
     "iat": 1508184845,
     "aud": "636C69656E745F6964",
     "events": {
       "http://schemas.openid.net/secevent/risc/event-type/\
       identifier-changed": {
         "subject": {
           "subject_type": "email",
           "email": "foo@example.com"
         },
         "new-value": "bar@example.com"
       }
     }
   }

   The 'foo@example.com' email changed to 'bar@example.com'.  _(the
   event type URI is wrapped, the backslash is the continuation
   character)_

                   Figure 3: Example: Identifier Changed

2.6.  Identifier Recycled

   Event Type URI:
   http://schemas.openid.net/secevent/risc/event-type/identifier-
   recycled

   Identifier Recycled signals that the identifier specified in the
   subject was recycled and now it belongs to a new user.  The subject
   MUST be either 'email' or 'phone-number'.

   Attributes: none


   {
     "iss": "https://idp.example.com/",
     "jti": "756E69717565206964656E746966696572",
     "iat": 1508184845,
     "aud": "636C69656E745F6964",
     "events": {
       "http://schemas.openid.net/secevent/risc/event-type/\
       identifier-recycled": {
         "subject": {
           "subject_type": "email",
           "email": "foo@example.com"
         }
       }
     }
   }

   The 'foo@example.com' email address was recycled.  _(the event type
   URI is wrapped, the backslash is the continuation character)_

                  Figure 4: Example: Identifier Recycled

2.7.  Opt Out

   Users SHOULD be allowed to opt in to and out of RISC events being
   sent for their accounts.  With regard to opt-out, an account can be
   in one of these three states:

   1.  opt-in - the account is participating in RISC event exchange.

   2.  opt-out-initiated - the user requested to be excluded from RISC
       event exchanges, but for practical security reasons RISC events
       are still exchanged for a period of time.  The main reason for
       this state is to prevent a hijacker from immediately opting out
       of RISC.

   3.  opt-out - the account is NOT participating in RISC event
       exchange.


   State changes trigger Opt-Out Events as represented below:

   +--------+  opt-out-initiated  +-------------------+
   |        +--------------------->                   |
   | opt-in |                     | opt-out-initiated |
   |        |  opt-out-cancelled  |                   |
   |        <---------------------+                   |
   +---^----+                     +----------+--------+
       |                                     |
       | opt-in                              | opt-out-effective
       |                                     |
       |                          +----------V--------+
       |                          |                   |
       +--------------------------| opt-out           |
                                  |                   |
                                  +-------------------+

                Figure 5: Opt-Out States and Opt-Out Events

   Both Transmitters and Receivers SHOULD manage Opt-Out state for
   users.  Transmitters should send the events defined in this section
   when the Opt-Out state changes.
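   As an added illustration (not part of the draft), the following
   Python models the Opt-Out state machine of Figure 5 as a Receiver
   would track it per subject.  The subject key format and the default
   'opt-in' state for a subject never seen before are assumptions of
   this example, not something the draft specifies.

```python
BASE = "http://schemas.openid.net/secevent/risc/event-type/"
OPT_EVENTS = {"opt-in", "opt-out-initiated", "opt-out-cancelled", "opt-out-effective"}

# Transitions of Figure 5: (current state, event name) -> new state.
# Anything not listed here is an invalid transition and is rejected
# instead of being applied, so a malformed or replayed event cannot
# silently move a subject into an unexpected state.
TRANSITIONS = {
    ("opt-in", "opt-out-initiated"): "opt-out-initiated",
    ("opt-out-initiated", "opt-out-cancelled"): "opt-in",
    ("opt-out-initiated", "opt-out-effective"): "opt-out",
    ("opt-out", "opt-in"): "opt-in",
}

class OptOutTracker:
    """Per-subject Opt-Out state as a Receiver would keep it. The subject key
    (assumed here: a constructed string such as 'iss-sub:<iss>:<sub>') and the
    default 'opt-in' state for a never-seen subject are this example's choices."""

    def __init__(self):
        self.states = {}

    def get(self, subject_key):
        return self.states.get(subject_key, "opt-in")

    def apply(self, subject_key, event_type_uri):
        """Apply one Opt-Out event; return the new state or raise ValueError."""
        if not event_type_uri.startswith(BASE):
            raise ValueError("not a RISC event type: " + event_type_uri)
        name = event_type_uri[len(BASE):]
        if name not in OPT_EVENTS:
            raise ValueError("not an Opt-Out event: " + name)
        current = self.get(subject_key)
        new_state = TRANSITIONS.get((current, name))
        if new_state is None:
            raise ValueError(f"event {name} is not valid in state {current}")
        self.states[subject_key] = new_state
        return new_state

    def events_allowed(self, subject_key):
        """Whether RISC events should still be exchanged for this subject.
        Per Section 2.7 the opt-out-initiated state still exchanges events."""
        return self.get(subject_key) != "opt-out"
```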

2.7.1.  Opt In

   Event Type URI:
   http://schemas.openid.net/secevent/risc/event-type/opt-in

   Opt In signals that the account identified by the subject opted into
   RISC event exchanges.  The account is in the 'opt-in' state.

   Attributes: none

2.7.2.  Opt Out Initiated

   Event Type URI:
   http://schemas.openid.net/secevent/risc/event-type/opt-out-initiated

   Opt Out Initiated signals that the account identified by the subject
   initiated an opt-out from RISC event exchanges.  The account is in
   the 'opt-out-initiated' state.

   Attributes: none


2.7.3.  Opt Out Cancelled

   Event Type URI:
   http://schemas.openid.net/secevent/risc/event-type/opt-out-cancelled

   Opt Out Cancelled signals that the account identified by the subject
   cancelled the opt out from RISC event exchanges.  The account is in
   the 'opt-in' state.

   Attributes: none

2.7.4.  Opt Out Effective

   Event Type URI:
   http://schemas.openid.net/secevent/risc/event-type/opt-out-effective

   Opt Out Effective signals that the account identified by the subject
   was effectively opted out from RISC event exchanges.  The account is
   in the 'opt-out' state.

   Attributes: none

2.8.  Recovery Activated

   Event Type URI:
   http://schemas.openid.net/secevent/risc/event-type/recovery-activated

   Recovery Activated signals that the account identified by the subject
   activated a recovery flow.

   Attributes: none

2.9.  Recovery Information Changed

   Event Type URI:
   http://schemas.openid.net/secevent/risc/event-type/recovery-
   information-changed

   Recovery Information Changed signals that the account identified by
   the subject has changed some of its recovery information.  For
   example a recovery email address was added or removed.

   Attributes: none


2.10.  Sessions Revoked

   Event Type URI:
   http://schemas.openid.net/secevent/risc/event-type/sessions-revoked

   Sessions Revoked signals that all the sessions for the account
   identified by the subject have been revoked.

   Attributes: none
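   As an added example (not code from the draft), the following Python
   checks a decoded RISC SET against the event types and attribute
   rules of Sections 2.1 through 2.10.  The RULES table, the function
   name and the cause-time-before-iat check are this example's own
   reading of the text, and JWT signature validation is assumed to have
   happened before these claims are inspected.

```python
BASE = "http://schemas.openid.net/secevent/risc/event-type/"
# Per-type rules distilled from sections 2.1-2.10: permitted subject types
# (absent = any RISC Profile subject), required attributes, and optional
# attributes with their permitted values (None = any value).
RULES = {
    "account-credential-change-required": {}, "account-deleted": {}, "account-enabled": {},
    "recovery-activated": {}, "recovery-information-changed": {}, "sessions-revoked": {},
    "opt-in": {}, "opt-out-initiated": {}, "opt-out-cancelled": {}, "opt-out-effective": {},
    "account-disabled": {"optional": {"reason": {"hijacking", "bulk-account"},
                                      "cause-time": None}},
    "identifier-changed": {"subjects": {"email", "phone"}, "required": ["new-value"]},
    "identifier-recycled": {"subjects": {"email", "phone-number"}},
}

def validate_risc_set(claims):
    """Check decoded RISC SET claims against RULES; return [(event name, payload)]
    or raise ValueError. JWT signature verification is assumed done beforehand."""
    for claim in ("iss", "jti", "iat", "aud", "events"):
        if claim not in claims:
            raise ValueError(f"missing claim: {claim}")
    if not isinstance(claims["events"], dict) or not claims["events"]:
        raise ValueError("events must be a non-empty object")
    found = []
    for uri, payload in claims["events"].items():
        name = uri[len(BASE):] if uri.startswith(BASE) else None
        rule = RULES.get(name)
        if rule is None:
            raise ValueError(f"unknown event type URI: {uri}")
        subject = payload.get("subject")
        if not isinstance(subject, dict) or "subject_type" not in subject:
            raise ValueError(f"{name}: missing subject")
        allowed = rule.get("subjects")
        if allowed and subject["subject_type"] not in allowed:
            raise ValueError(f"{name}: subject_type must be one of {sorted(allowed)}")
        for attr in rule.get("required", []):
            if attr not in payload:
                raise ValueError(f"{name}: missing required attribute {attr!r}")
        for attr, values in rule.get("optional", {}).items():
            if attr in payload and values and payload[attr] not in values:
                raise ValueError(f"{name}: bad {attr} value {payload[attr]!r}")
        if "cause-time" in payload and payload["cause-time"] > claims["iat"]:
            raise ValueError(f"{name}: cause-time must precede the event time")
        found.append((name, payload))
    return found

# Constructed sample: the Account Disabled example of Figure 2 with the URI unwrapped.
SAMPLE = {"iss": "https://idp.example.com/", "jti": "756E69717565206964656E746966696572",
          "iat": 1508184845, "aud": "636C69656E745F6964", "events": {BASE + "account-disabled": {
              "subject": {"subject_type": "iss-sub", "iss": "https://idp.example.com/",
                          "sub": "7375626A656374"}, "reason": "hijacking", "cause-time": 1508012752}}}
```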

3.  Normative References

   [JSON]     Bray, T., Ed., "The JavaScript Object Notation (JSON) Data
              Interchange Format", RFC 7159, DOI 10.17487/RFC7159, March
              2014, <https://www.rfc-editor.org/info/rfc7159>.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/
              RFC2119, March 1997, <https://www.rfc-editor.org/info/
              rfc2119>.

   [RISC-PROFILE]
              OpenID Foundation, "RISC Profile", .

   [SET]      IETF, "Security Event Token (SET)",
              <https://tools.ietf.org/html/draft-ietf-secevent-token>.

Authors' Addresses

   Marius Scurtescu
   Google

   Email: mscurtescu at google.com


   Annabelle Backman
   Amazon

   Email: richanna at amazon.com


   Phil Hunt
   Oracle Corporation

   Email: phil.hunt at yahoo.com


   John Bradley
   Yubico

   Email: secevemt at ve7jtb.com