[Openid-specs-risc] FW: Security Event Token (SET) is now RFC 8417
Michael.Jones at microsoft.com
Tue Jul 10 15:14:59 UTC 2018
A key building block used by RISC is now finished!
From: Mike Jones
Sent: Tuesday, July 10, 2018 8:14 AM
To: 'id-event at ietf.org' <id-event at ietf.org>
Subject: Security Event Token (SET) is now RFC 8417
The Security Event Token (SET) specification is now RFC 8417<https://www.rfc-editor.org/rfc/rfc8417.txt>. The abstract describes the specification as:
This specification defines the Security Event Token (SET) data structure. A SET describes statements of fact from the perspective of an issuer about a subject. These statements of fact represent an event that occurred directly to or about a security subject, for example, a statement about the issuance or revocation of a token on behalf of a subject. This specification is intended to enable representing security- and identity-related events. A SET is a JSON Web Token (JWT), which can be optionally signed and/or encrypted. SETs can be distributed via protocols such as HTTP.
SETs are already in use to represent OpenID Connect Back-Channel Logout<http://openid.net/specs/openid-connect-backchannel-1_0.html> tokens and to represent Risk and Incident Sharing and Coordination (RISC)<http://openid.net/wg/risc/> events. Thanks to my co-editors, members of the IETF ID Events mailing list, and members of the IETF Security Events working group for making this standard a reality!
P.S. This notice was also published at http://self-issued.info/?p=1891 and as @selfissued<https://twitter.com/selfissued>.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-risc