<div dir="ltr">Let's move the discussion to <a href="mailto:id-event@ietf.org">id-event@ietf.org</a><div><a href="https://mailarchive.ietf.org/arch/msg/id-event/XiwMlWg8-wueh_9om494Ci_to3I">https://mailarchive.ietf.org/arch/msg/id-event/XiwMlWg8-wueh_9om494Ci_to3I</a><br></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature">Marius</div></div>
<br><div class="gmail_quote">On Tue, Apr 11, 2017 at 3:17 PM, William Denniss <span dir="ltr"><<a href="mailto:wdenniss@google.com" target="_blank">wdenniss@google.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Since it's a global namespace, we could simply allow for both by only specifying it as "URI".  That way, URNs can be used for events that have standards, and URLs used for privately defined ones.</div><div><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Apr 11, 2017 at 2:58 PM, Phil Hunt (IDM) <span dir="ltr"><<a href="mailto:phil.hunt@oracle.com" target="_blank">phil.hunt@oracle.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="auto"><div>This was discussed at length with Mike Jones and William Denniss and others (Justin, John) in Argentina. They lobbied hard for URI-based identifiers and against URNs, which is what the spec at the time had. </div><div id="m_2455071996577294450m_-1348071616976223663m_-8935230204778782017AppleMailSignature"><br></div><div id="m_2455071996577294450m_-1348071616976223663m_-8935230204778782017AppleMailSignature">We can put the text back if the consensus has changed. <br><br>Phil</div><div><br>On Apr 11, 2017, at 2:37 PM, Marius Scurtescu <<a href="mailto:mscurtescu@google.com" target="_blank">mscurtescu@google.com</a>> wrote:<br><br></div><blockquote type="cite"><div><div dir="ltr">Good point, will start the discussion on the secevent list.</div><div class="gmail_extra"><br clear="all"><div><div class="m_2455071996577294450m_-1348071616976223663m_-8935230204778782017gmail_signature" data-smartmail="gmail_signature">Marius</div></div>
<br><div class="gmail_quote">On Tue, Apr 11, 2017 at 2:34 PM, Hardt, Dick <span dir="ltr"><<a href="mailto:dick@amazon.com" target="_blank">dick@amazon.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">







<div bgcolor="white" lang="EN-US" link="blue" vlink="purple">
<div class="m_2455071996577294450m_-1348071616976223663m_-8935230204778782017m_7770326286236529845WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">I think the format of these should be decided in secevent.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">I think your proposal of secevents starting with “urn:ietf:params:secevent:event-type:” is one worth proposing in secevent.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">"urn:ietf:params:secevent:aud-client-id:<client-id>" is clearly a secevent discussion item<span class="m_2455071996577294450m_-1348071616976223663m_-8935230204778782017HOEnZb"><font color="#888888"><u></u><u></u></font></span></span></p><span class="m_2455071996577294450m_-1348071616976223663m_-8935230204778782017HOEnZb"><font color="#888888">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">/Dick<u></u><u></u></span></p></font></span><div><div class="m_2455071996577294450m_-1348071616976223663m_-8935230204778782017h5">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"><u></u> <u></u></span></p>
<div>
<div>
<p class="MsoNormal" style="margin-left:.5in">On 4/11/17, 2:16 PM, someone claiming to be "Marius Scurtescu" <<a href="mailto:mscurtescu@google.com" target="_blank">mscurtescu@google.com</a>> wrote:<u></u><u></u></p>
</div>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">"urn:ietf:params:secevent:event-type:risc:sessions-revoked" would be an event URI, the key under the "events" claim
<u></u><u></u></p>
<div>
<p class="MsoNormal" style="margin-left:.5in"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">"urn:ietf:params:secevent:aud-client-id:<client-id>" would be the aud claim, and this solves the "SET re-played as an access token" issue<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in"><u></u> <u></u></p>
<div>
<p class="MsoNormal" style="margin-left:.5in"><br clear="all">
<u></u><u></u></p>
<div>
<div>
<p class="MsoNormal" style="margin-left:.5in">Marius<u></u><u></u></p>
</div>
</div>
<p class="MsoNormal" style="margin-left:.5in"><u></u> <u></u></p>
<div>
<p class="MsoNormal" style="margin-left:.5in">On Tue, Apr 11, 2017 at 2:07 PM, Hardt, Dick <<a href="mailto:dick@amazon.com" target="_blank">dick@amazon.com</a>> wrote:<u></u><u></u></p>
<blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="font-size:11.0pt;font-family:Calibri">Where are you thinking this is in the secevent SET Marius?</span><u></u><u></u></p>
<div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="font-size:11.0pt;font-family:Calibri"> </span><u></u><u></u></p>
<div>
<div>
<p class="MsoNormal" style="margin-left:1.0in">
On 4/11/17, 10:56 AM, someone claiming to be "Openid-specs-risc on behalf of Marius Scurtescu" <<a href="mailto:openid-specs-risc-bounces@lists.openid.net" target="_blank">openid-specs-risc-bounces@lists.openid.net</a> on behalf of
<a href="mailto:mscurtescu@google.com" target="_blank">mscurtescu@google.com</a>> wrote:<u></u><u></u></p>
</div>
</div>
<div>
<p class="MsoNormal" style="margin-left:1.0in">
 <u></u><u></u></p>
</div>
<div>
<div>
<p class="MsoNormal" style="margin-left:1.0in">
While talking about events, we should also decide what the event URI will look like for RISC.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:1.0in">
 <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:1.0in">
I propose we use URN sub-delegation for "ietf" namespace (RFC 3553), something like:<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:1.0in">
urn:ietf:params:secevent:event-type:risc:sessions-revoked<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:1.0in">
urn:ietf:params:secevent:event-type:risc:tokens-revoked<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:1.0in">
urn:ietf:params:secevent:event-type:risc:account-deleted<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:1.0in">
urn:ietf:params:secevent:event-type:risc:all ?<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:1.0in">
 <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:1.0in">
Maybe instead of "event-type" in the above URNs we should use "profile"? Since "risc" above signifies a whole class of event types and not a particular one:<u></u><u></u></p>
</div>
<div>
<div>
<p class="MsoNormal" style="margin-left:1.0in">
urn:ietf:params:secevent:profile:risc:sessions-revoked<u></u><u></u></p>
</div>
</div>
<div>
<p class="MsoNormal" style="margin-left:1.0in">
...<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:1.0in">
 <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:1.0in">
We can use this scheme for other RISC related URNs, like a prefixed aud:<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:1.0in">
urn:ietf:params:secevent:aud-client-id:<client-id><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:1.0in">
 <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:1.0in">
Thoughts?<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:1.0in">
 <u></u><u></u></p>
</div>
<div>
<div>
<p class="MsoNormal" style="margin-left:1.0in">
Marius<u></u><u></u></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<p class="MsoNormal" style="margin-left:.5in"><u></u> <u></u></p>
</div>
</div>
</div>
</div></div></div>
</div>

</blockquote></div><br></div>
</div></blockquote></div></blockquote></div><br></div></div></div></div>
</blockquote></div><br></div>
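<p>An added example, not part of the thread or of any spec text: a sketch of why the prefixed aud proposed above keeps a SET from passing an ordinary exact-match audience check, alongside the check a SET receiver would apply. The function names and sample claims are hypothetical, the URN prefix is the one proposed in the thread, and the claims are assumed to come from a token whose signature has already been verified.</p>

```python
from urllib.parse import urlsplit

# Audience prefix proposed in the thread (a proposal, not a registered namespace).
AUD_PREFIX = "urn:ietf:params:secevent:aud-client-id:"


def aud_values(claims):
    """Return aud as a list; a JWT aud may be a single string or an array."""
    aud = claims.get("aud") or []
    return [aud] if isinstance(aud, str) else list(aud)


def ordinary_aud_check(claims, expected_aud):
    """Exact-match aud check, as done by a token consumer that knows nothing about SETs."""
    return expected_aud in aud_values(claims)


def accept_set(claims, client_id):
    """SET receiver check: prefixed aud plus a non-empty events object keyed by URIs."""
    if AUD_PREFIX + client_id not in aud_values(claims):
        return False
    events = claims.get("events")
    if not isinstance(events, dict) or not events:
        return False
    # URNs and URLs both qualify as event keys; a bare name without a scheme does not.
    return all(isinstance(k, str) and bool(urlsplit(k).scheme) for k in events)


# Constructed sample claims (hypothetical issuer and client id).
CLIENT_ID = "client-123"
EVENT = "urn:ietf:params:secevent:event-type:risc:sessions-revoked"
SET_PLAIN_AUD = {"iss": "https://idp.example", "aud": CLIENT_ID, "events": {EVENT: {}}}
SET_PREFIXED_AUD = dict(SET_PLAIN_AUD, aud=AUD_PREFIX + CLIENT_ID)

if __name__ == "__main__":
    # With a plain aud, the SET satisfies the ordinary check (the confusion case).
    print("plain aud, ordinary check:   ", ordinary_aud_check(SET_PLAIN_AUD, CLIENT_ID))
    # With the prefixed aud, the ordinary check fails and only the SET receiver accepts.
    print("prefixed aud, ordinary check:", ordinary_aud_check(SET_PREFIXED_AUD, CLIENT_ID))
    print("prefixed aud, SET receiver:  ", accept_set(SET_PREFIXED_AUD, CLIENT_ID))
```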