[Openid-specs-risc] FW: Security Event Token (SET) is now RFC 8417

Mike Jones Michael.Jones at microsoft.com
Tue Jul 10 15:14:59 UTC 2018


A key building block used by RISC is now finished!

From: Mike Jones
Sent: Tuesday, July 10, 2018 8:14 AM
To: 'id-event at ietf.org' <id-event at ietf.org>
Subject: Security Event Token (SET) is now RFC 8417

The Security Event Token (SET) specification is now RFC 8417<https://www.rfc-editor.org/rfc/rfc8417.txt>.  The abstract describes the specification as:
This specification defines the Security Event Token (SET) data structure. A SET describes statements of fact from the perspective of an issuer about a subject. These statements of fact represent an event that occurred directly to or about a security subject, for example, a statement about the issuance or revocation of a token on behalf of a subject. This specification is intended to enable representing security- and identity-related events. A SET is a JSON Web Token (JWT), which can be optionally signed and/or encrypted. SETs can be distributed via protocols such as HTTP.

SETs are already in use to represent OpenID Connect Back-Channel Logout<http://openid.net/specs/openid-connect-backchannel-1_0.html> tokens and to represent Risk and Incident Sharing and Coordination (RISC)<http://openid.net/wg/risc/> events.  Thanks to my co-editors, members of the IETF ID Events mailing list, and members of the IETF Security Events working group for making this standard a reality!

                                                       -- Mike

P.S.  This notice was also published at http://self-issued.info/?p=1891 and as @selfissued<https://twitter.com/selfissued>.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20180710/923b8497/attachment.html>


More information about the Openid-specs-risc mailing list