<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" 
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html lang="en" xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head profile="http://www.w3.org/2006/03/hcard http://dublincore.org/documents/2008/08/04/dc-html/">
  <meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />

  <title>OpenID RISC Event Types 1.0</title>

  <style type="text/css" title="Xml2Rfc (sans serif)">
  /*<![CDATA[*/
          a {
          text-decoration: none;
          }
      /* info code from SantaKlauss at http://www.madaboutstyle.com/tooltip2.html */
      a.info {
          /* This is the key. */
          position: relative;
          z-index: 24;
          text-decoration: none;
      }
      a.info:hover {
          z-index: 25;
          color: #FFF; background-color: #900;
      }
      a.info span { display: none; }
      a.info:hover span.info {
          /* The span will display just on :hover state. */
          display: block;
          position: absolute;
          font-size: smaller;
          top: 2em; left: -5em; width: 15em;
          padding: 2px; border: 1px solid #333;
          color: #900; background-color: #EEE;
          text-align: left;
      }
          a.smpl {
          color: black;
          }
          a:hover {
          text-decoration: underline;
          }
          a:active {
          text-decoration: underline;
          }
          address {
          margin-top: 1em;
          margin-left: 2em;
          font-style: normal;
          }
          body {
          color: black;
          font-family: verdana, helvetica, arial, sans-serif;
          font-size: 10pt;
          max-width: 55em;
          
          }
          cite {
          font-style: normal;
          }
          dd {
          margin-right: 2em;
          }
          dl {
          margin-left: 2em;
          }
        
          ul.empty {
          list-style-type: none;
          }
          ul.empty li {
          margin-top: .5em;
          }
          dl p {
          margin-left: 0em;
          }
          dt {
          margin-top: .5em;
          }
          h1 {
          font-size: 14pt;
          line-height: 21pt;
          page-break-after: avoid;
          }
          h1.np {
          page-break-before: always;
          }
          h1 a {
          color: #333333;
          }
          h2 {
          font-size: 12pt;
          line-height: 15pt;
          page-break-after: avoid;
          }
          h3, h4, h5, h6 {
          font-size: 10pt;
          page-break-after: avoid;
          }
          h2 a, h3 a, h4 a, h5 a, h6 a {
          color: black;
          }
          img {
          margin-left: 3em;
          }
          li {
          margin-left: 2em;
          margin-right: 2em;
          }
          ol {
          margin-left: 2em;
          margin-right: 2em;
          }
          ol p {
          margin-left: 0em;
          }
          p {
          margin-left: 2em;
          margin-right: 2em;
          }
          pre {
          margin-left: 3em;
          background-color: lightyellow;
          padding: .25em;
          }
          pre.text2 {
          border-style: dotted;
          border-width: 1px;
          background-color: #f0f0f0;
          width: 69em;
          }
          pre.inline {
          background-color: white;
          padding: 0em;
          }
          pre.text {
          border-style: dotted;
          border-width: 1px;
          background-color: #f8f8f8;
          width: 69em;
          }
          pre.drawing {
          border-style: solid;
          border-width: 1px;
          background-color: #f8f8f8;
          padding: 2em;
          }
          table {
          margin-left: 2em;
          }
          table.tt {
          vertical-align: top;
          }
          table.full {
          border-style: outset;
          border-width: 1px;
          }
          table.headers {
          border-style: outset;
          border-width: 1px;
          }
          table.tt td {
          vertical-align: top;
          }
          table.full td {
          border-style: inset;
          border-width: 1px;
          }
          table.tt th {
          vertical-align: top;
          }
          table.full th {
          border-style: inset;
          border-width: 1px;
          }
          table.headers th {
          border-style: none none inset none;
          border-width: 1px;
          }
          table.left {
          margin-right: auto;
          }
          table.right {
          margin-left: auto;
          }
          table.center {
          margin-left: auto;
          margin-right: auto;
          }
          caption {
          caption-side: bottom;
          font-weight: bold;
          font-size: 9pt;
          margin-top: .5em;
          }
        
          table.header {
          border-spacing: 1px;
          width: 95%;
          font-size: 10pt;
          color: white;
          }
          td.top {
          vertical-align: top;
          }
          td.topnowrap {
          vertical-align: top;
          white-space: nowrap; 
          }
          table.header td {
          background-color: gray;
          width: 50%;
          }
          table.header a {
          color: white;
          }
          td.reference {
          vertical-align: top;
          white-space: nowrap;
          padding-right: 1em;
          }
          thead {
          display:table-header-group;
          }
          ul.toc, ul.toc ul {
          list-style: none;
          margin-left: 1.5em;
          margin-right: 0em;
          padding-left: 0em;
          }
          ul.toc li {
          line-height: 150%;
          font-weight: bold;
          font-size: 10pt;
          margin-left: 0em;
          margin-right: 0em;
          }
          ul.toc li li {
          line-height: normal;
          font-weight: normal;
          font-size: 9pt;
          margin-left: 0em;
          margin-right: 0em;
          }
          li.excluded {
          font-size: 0pt;
          }
          ul p {
          margin-left: 0em;
          }
        
          .comment {
          background-color: yellow;
          }
          .center {
          text-align: center;
          }
          .error {
          color: red;
          font-style: italic;
          font-weight: bold;
          }
          .figure {
          font-weight: bold;
          text-align: center;
          font-size: 9pt;
          }
          .filename {
          color: #333333;
          font-weight: bold;
          font-size: 12pt;
          line-height: 21pt;
          text-align: center;
          }
          .fn {
          font-weight: bold;
          }
          .hidden {
          display: none;
          }
          .left {
          text-align: left;
          }
          .right {
          text-align: right;
          }
          .title {
          color: #990000;
          font-size: 18pt;
          line-height: 18pt;
          font-weight: bold;
          text-align: center;
          margin-top: 36pt;
          }
          .vcardline {
          display: block;
          }
          .warning {
          font-size: 14pt;
          background-color: yellow;
          }
        
        
          @media print {
          .noprint {
                display: none;
          }
        
          a {
                color: black;
                text-decoration: none;
          }
        
          table.header {
                width: 90%;
          }
        
          td.header {
                width: 50%;
                color: black;
                background-color: white;
                vertical-align: top;
                font-size: 12pt;
          }
        
          ul.toc a::after {
                content: leader('.') target-counter(attr(href), page);
          }
        
          ul.ind li li a {
                content: target-counter(attr(href), page);
          }
        
          .print2col {
                column-count: 2;
                -moz-column-count: 2;
                column-fill: auto;
          }
          }
        
          @page {
          @top-left {
                   content: "Internet-Draft"; 
          } 
          @top-right {
                   content: "December 2010"; 
          } 
          @top-center {
                   content: "Abbreviated Title";
          } 
          @bottom-left {
                   content: "Doe"; 
          } 
          @bottom-center {
                   content: "Expires June 2011"; 
          } 
          @bottom-right {
                   content: "[Page " counter(page) "]"; 
          } 
          }
        
          @page:first { 
                @top-left {
                  content: normal;
                }
                @top-right {
                  content: normal;
                }
                @top-center {
                  content: normal;
                }
          }
  /*]]>*/
  </style>

  <link href="#rfc.toc" rel="Contents"/>
<link href="#rfc.section.1" rel="Chapter" title="1 Introduction"/>
<link href="#rfc.section.1.1" rel="Chapter" title="1.1 Notational Conventions"/>
<link href="#rfc.section.2" rel="Chapter" title="2 Event Types"/>
<link href="#rfc.section.2.1" rel="Chapter" title="2.1 Account Credential Change Required"/>
<link href="#rfc.section.2.2" rel="Chapter" title="2.2 Account Purged"/>
<link href="#rfc.section.2.3" rel="Chapter" title="2.3 Account Disabled"/>
<link href="#rfc.section.2.4" rel="Chapter" title="2.4 Account Enabled"/>
<link href="#rfc.section.2.5" rel="Chapter" title="2.5 Identifier Changed"/>
<link href="#rfc.section.2.6" rel="Chapter" title="2.6 Identifier Recycled"/>
<link href="#rfc.section.2.7" rel="Chapter" title="2.7 Opt Out"/>
<link href="#rfc.section.2.7.1" rel="Chapter" title="2.7.1 Opt In"/>
<link href="#rfc.section.2.7.2" rel="Chapter" title="2.7.2 Opt Out Initiated"/>
<link href="#rfc.section.2.7.3" rel="Chapter" title="2.7.3 Opt Out Cancelled"/>
<link href="#rfc.section.2.7.4" rel="Chapter" title="2.7.4 Opt Out Effective"/>
<link href="#rfc.section.2.8" rel="Chapter" title="2.8 Recovery Activated"/>
<link href="#rfc.section.2.9" rel="Chapter" title="2.9 Recovery Information Changed"/>
<link href="#rfc.section.2.10" rel="Chapter" title="2.10 Sessions Revoked"/>
<link href="#rfc.references" rel="Chapter" title="3 Normative References"/>
<link href="#rfc.authors" rel="Chapter"/>


  <meta name="generator" content="xml2rfc version 2.5.1 - http://tools.ietf.org/tools/xml2rfc" />
  <link rel="schema.dct" href="http://purl.org/dc/terms/" />

  <meta name="dct.creator" content="Scurtescu, M., Backman, A., Hunt, P., and J. Bradley" />
  <meta name="dct.identifier" content="urn:ietf:id:openid-risc-event-types-1_0" />
  <meta name="dct.issued" scheme="ISO8601" content="2018-4-24" />
  <meta name="dct.abstract" content="This document defines the RISC Event Types. Event Types are introduced and defined in " />
  <meta name="description" content="This document defines the RISC Event Types. Event Types are introduced and defined in " />

</head>

<body>

  <table class="header">
    <tbody>
    
        <tr>
  <td class="left"></td>
  <td class="right">M. Scurtescu</td>
</tr>
<tr>
  <td class="left"></td>
  <td class="right">Google</td>
</tr>
<tr>
  <td class="left"></td>
  <td class="right">A. Backman</td>
</tr>
<tr>
  <td class="left"></td>
  <td class="right">Amazon</td>
</tr>
<tr>
  <td class="left"></td>
  <td class="right">P. Hunt</td>
</tr>
<tr>
  <td class="left"></td>
  <td class="right">Oracle</td>
</tr>
<tr>
  <td class="left"></td>
  <td class="right">J. Bradley</td>
</tr>
<tr>
  <td class="left"></td>
  <td class="right">Yubico</td>
</tr>
<tr>
  <td class="left"></td>
  <td class="right">April 24, 2018</td>
</tr>

        
    </tbody>
  </table>

  <p class="title">OpenID RISC Event Types 1.0<br />
  <span class="filename">openid-risc-event-types-1_0</span></p>
  
  <h1 id="rfc.abstract">
  <a href="#rfc.abstract">Abstract</a>
</h1>
<p>This document defines the RISC Event Types. Event Types are introduced and defined in <a href="#SET">Security Event Token (SET)</a> <cite title="NONE">[SET]</cite>.</p>

  
  <hr class="noprint" />
  <h1 class="np" id="rfc.toc"><a href="#rfc.toc">Table of Contents</a></h1>
  <ul class="toc">

        <li>1.   <a href="#rfc.section.1">Introduction</a></li>
<ul><li>1.1.   <a href="#rfc.section.1.1">Notational Conventions</a></li>
</ul><li>2.   <a href="#rfc.section.2">Event Types</a></li>
<ul><li>2.1.   <a href="#rfc.section.2.1">Account Credential Change Required</a></li>
<li>2.2.   <a href="#rfc.section.2.2">Account Purged</a></li>
<li>2.3.   <a href="#rfc.section.2.3">Account Disabled</a></li>
<li>2.4.   <a href="#rfc.section.2.4">Account Enabled</a></li>
<li>2.5.   <a href="#rfc.section.2.5">Identifier Changed</a></li>
<li>2.6.   <a href="#rfc.section.2.6">Identifier Recycled</a></li>
<li>2.7.   <a href="#rfc.section.2.7">Opt Out</a></li>
<ul><li>2.7.1.   <a href="#rfc.section.2.7.1">Opt In</a></li>
<li>2.7.2.   <a href="#rfc.section.2.7.2">Opt Out Initiated</a></li>
<li>2.7.3.   <a href="#rfc.section.2.7.3">Opt Out Cancelled</a></li>
<li>2.7.4.   <a href="#rfc.section.2.7.4">Opt Out Effective</a></li>
</ul><li>2.8.   <a href="#rfc.section.2.8">Recovery Activated</a></li>
<li>2.9.   <a href="#rfc.section.2.9">Recovery Information Changed</a></li>
<li>2.10.   <a href="#rfc.section.2.10">Sessions Revoked</a></li>
</ul><li>3.   <a href="#rfc.references">Normative References</a></li>
<li><a href="#rfc.authors">Authors' Addresses</a></li>


  </ul>

  <h1 id="rfc.section.1"><a href="#rfc.section.1">1.</a> <a href="#intro" id="intro">Introduction</a></h1>
<p id="rfc.section.1.p.1">This specification is based on <a href="#RISC-PROFILE">RISC Profile</a> <cite title="NONE">[RISC-PROFILE]</cite> and uses the subject identifiers defined there.</p>
<h1 id="rfc.section.1.1"><a href="#rfc.section.1.1">1.1.</a> <a href="#conv" id="conv">Notational Conventions</a></h1>
<p id="rfc.section.1.1.p.1">The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 <a href="#RFC2119">[RFC2119]</a> <a href="#RFC8174">[RFC8174]</a> when, and only when, they appear in all capitals, as shown here.</p>
<h1 id="rfc.section.2"><a href="#rfc.section.2">2.</a> <a href="#event-types" id="event-types">Event Types</a></h1>
<p id="rfc.section.2.p.1">The base URI for RISC event types is:<br/> https://schemas.openid.net/secevent/risc/event-type/</p>
<h1 id="rfc.section.2.1"><a href="#rfc.section.2.1">2.1.</a> <a href="#account-credential-change-required" id="account-credential-change-required">Account Credential Change Required</a></h1>
<p id="rfc.section.2.1.p.1">Event Type URI:<br/> https://schemas.openid.net/secevent/risc/event-type/account-credential-change-required</p>
<p id="rfc.section.2.1.p.2">Account Credential Change Required signals that the account identified by the subject was required to change a credential. For example the user was required to go through a password change.</p>
<p id="rfc.section.2.1.p.3">Attributes: none</p>
<div id="rfc.figure.1"/>
<div id="account-credential-change-required-example"/>
<pre>
{
  "iss": "https://idp.example.com/",
  "jti": "756E69717565206964656E746966696572",
  "iat": 1508184845,
  "aud": "636C69656E745F6964",
  "events": {
    "https://schemas.openid.net/secevent/risc/event-type/\
    account-credential-change-required": {
      "subject": {
        "subject_type": "iss-sub",
        "iss": "https://idp.example.com/",
        "sub": "7375626A656374",
      }
    }
  }
}
            </pre>
<p>
  <em>(the event type URI is wrapped, the backslash is the continuation character)</em>
</p>
<p class="figure">Figure 1: Example: Account Credential Change Required</p>
<h1 id="rfc.section.2.2"><a href="#rfc.section.2.2">2.2.</a> <a href="#account-purged" id="account-purged">Account Purged</a></h1>
<p id="rfc.section.2.2.p.1">Event Type URI:<br/> https://schemas.openid.net/secevent/risc/event-type/account-purged</p>
<p id="rfc.section.2.2.p.2">Account Purged signals that the account identified by the subject has been permanently deleted.</p>
<p id="rfc.section.2.2.p.3">Attributes: none</p>
<h1 id="rfc.section.2.3"><a href="#rfc.section.2.3">2.3.</a> <a href="#account-disabled" id="account-disabled">Account Disabled</a></h1>
<p id="rfc.section.2.3.p.1">Event Type URI:<br/> https://schemas.openid.net/secevent/risc/event-type/account-disabled</p>
<p id="rfc.section.2.3.p.2">Account Disabled signals that the account identified by the subject has been disabled. The actual reason why the account was disabled might be specified with the nested <samp>reason</samp> attribute described below. The account may be <a href="#account-enabled">enabled</a> <cite title="NONE">[account-enabled]</cite> in the future.</p>
<p id="rfc.section.2.3.p.3">Attributes:</p>

<ul>
  <li>reason - optional, describes why was the account disabled. Possible values:<ul><li>hijacking</li><li>bulk-account</li></ul></li>
</ul>
<div id="rfc.figure.2"/>
<div id="account-disabled-example"/>
<pre>
{
  "iss": "https://idp.example.com/",
  "jti": "756E69717565206964656E746966696572",
  "iat": 1508184845,
  "aud": "636C69656E745F6964",
  "events": {
    "https://schemas.openid.net/secevent/risc/event-type/\
    account-disabled": {
      "subject": {
        "subject_type": "iss-sub",
        "iss": "https://idp.example.com/",
        "sub": "7375626A656374",
      },
      "reason": "hijacking",
    }
  }
}
            </pre>
<p>
  <em>(the event type URI is wrapped, the backslash is the continuation character)</em>
</p>
<p class="figure">Figure 2: Example: Account Disabled</p>
<h1 id="rfc.section.2.4"><a href="#rfc.section.2.4">2.4.</a> <a href="#account-enabled" id="account-enabled">Account Enabled</a></h1>
<p id="rfc.section.2.4.p.1">Event Type URI:<br/> https://schemas.openid.net/secevent/risc/event-type/account-enabled</p>
<p id="rfc.section.2.4.p.2">Account Enabled signals that the account identified by the subject has been enabled.</p>
<p id="rfc.section.2.4.p.3">Attributes: none</p>
<h1 id="rfc.section.2.5"><a href="#rfc.section.2.5">2.5.</a> <a href="#identifier-changed" id="identifier-changed">Identifier Changed</a></h1>
<p id="rfc.section.2.5.p.1">Event Type URI:<br/> https://schemas.openid.net/secevent/risc/event-type/identifier-changed</p>
<p id="rfc.section.2.5.p.2">Identifier Changed signals that the identifier specified in the subject has changed. The subject type MUST be either <samp>email</samp> or <samp>phone</samp> and it MUST specify the old value.</p>
<p id="rfc.section.2.5.p.3">This event SHOULD be issued only by the provider that is authoritative over the identifier.  For example, if the person that owns <samp>john.doe@example.com</samp> goes through a name change and wants the new <samp>john.row@example.com</samp> email then <strong>only</strong> the email provider <samp>example.com</samp> SHOULD issue an Identifier Changed event as shown in the example below.</p>
<p id="rfc.section.2.5.p.4">If an identifier used as a username or recovery option is changed, at a provider that is not authoritative over that identifier, then <a href="#recovery-information-changed">Recovery Information Changed</a> <cite title="NONE">[recovery-information-changed]</cite> SHOULD be used instead.</p>
<p id="rfc.section.2.5.p.5">Attributes:</p>

<ul>
  <li>new-value - optional, the new value of the identifier.</li>
</ul>
<div id="rfc.figure.3"/>
<div id="identifier-changed-example"/>
<pre>
{
  "iss": "https://idp.example.com/",
  "jti": "756E69717565206964656E746966696572",
  "iat": 1508184845,
  "aud": "636C69656E745F6964",
  "events": {
    "https://schemas.openid.net/secevent/risc/event-type/\
    identifier-changed": {
      "subject": {
        "subject_type": "email",
        "email": "john.doe@example.com",
      },
      "new-value": "john.roe@example.com",
    }
  }
}
            </pre>
<p>The <samp>foo@example.com</samp> email changed to <samp>bar@example.com</samp>.  <em>(the event type URI is wrapped, the backslash is the continuation character)</em></p>
<p class="figure">Figure 3: Example: Identifier Changed</p>
<h1 id="rfc.section.2.6"><a href="#rfc.section.2.6">2.6.</a> <a href="#identifier-recycled" id="identifier-recycled">Identifier Recycled</a></h1>
<p id="rfc.section.2.6.p.1">Event Type URI:<br/> https://schemas.openid.net/secevent/risc/event-type/identifier-recycled</p>
<p id="rfc.section.2.6.p.2">Identifier Recycled signals that the identifier specified in the subject was recycled and now it belongs to a new user. The subject type MUST be either <samp>email</samp> or <samp>phone</samp>.</p>
<p id="rfc.section.2.6.p.3">Attributes: none</p>
<div id="rfc.figure.4"/>
<div id="identifier-recycled-example"/>
<pre>
{
  "iss": "https://idp.example.com/",
  "jti": "756E69717565206964656E746966696572",
  "iat": 1508184845,
  "aud": "636C69656E745F6964",
  "events": {
    "https://schemas.openid.net/secevent/risc/event-type/\
    identifier-recycled": {
      "subject": {
        "subject_type": "email",
        "email": "foo@example.com",
      }
    }
  }
}
            </pre>
<p>The 'foo@example.com' email address was recycled.  <em>(the event type URI is wrapped, the backslash is the continuation character)</em></p>
<p class="figure">Figure 4: Example: Identifier Recycled</p>
<h1 id="rfc.section.2.7"><a href="#rfc.section.2.7">2.7.</a> <a href="#opt-out" id="opt-out">Opt Out</a></h1>
<p id="rfc.section.2.7.p.1">Users SHOULD be allowed to opt-in and out of RISC events being sent for their accounts. With regards to opt-out an account can be in one of these three states:</p>

<ol>
  <li>opt-in - the account is participating in RISC event exchange.</li>
  <li>opt-out-initiated - the user requested to be excluded from RISC event exchanges, but for practical security reasons for a period of time RISC events are still exchanged. The main reason for this state is to prevent a hijacker from immediately opting out of RISC.</li>
  <li>opt-out - the account is NOT participating in RISC event exchange.</li>
</ol>
<div id="rfc.figure.5"/>
<div id="opt-out-states"/>
<p>State changes trigger Opt-Out Events as represented bellow:</p>
<pre>
+--------+  opt-out-initiated  +-------------------+
|        +--------------------->                   |
| opt-in |                     | opt-out-initiated |
|        |  pt-out-cancelled   |                   |
|        <---------------------+                   |
+---^----+                     +----------+--------+
    |                                     |
    | opt-in                              | opt-out-effective
    |                                     |
    |                          +----------V--------+
    |                          |                   |
    +--------------------------| opt-out           |
                               |                   |
                               +-------------------+
          </pre>
<p class="figure">Figure 5: Opt-Out States and Opt-Out Events</p>
<p id="rfc.section.2.7.p.2">Both Transmitters and Receivers SHOULD manage Opt-Out state for users. Transmitters should send the events defined in this section when the Opt-Out state changes.</p>
<h1 id="rfc.section.2.7.1"><a href="#rfc.section.2.7.1">2.7.1.</a> <a href="#opt-in" id="opt-in">Opt In</a></h1>
<p id="rfc.section.2.7.1.p.1">Event Type URI:<br/> https://schemas.openid.net/secevent/risc/event-type/opt-in</p>
<p id="rfc.section.2.7.1.p.2">Opt In signals that the account identified by the subject opted into RISC event exchanges.  The account is in the <samp>opt-in</samp> state.</p>
<p id="rfc.section.2.7.1.p.3">Attributes: none</p>
<h1 id="rfc.section.2.7.2"><a href="#rfc.section.2.7.2">2.7.2.</a> <a href="#opt-out-initiated" id="opt-out-initiated">Opt Out Initiated</a></h1>
<p id="rfc.section.2.7.2.p.1">Event Type URI:<br/> https://schemas.openid.net/secevent/risc/event-type/opt-out-initiated</p>
<p id="rfc.section.2.7.2.p.2">Opt Out Initiated signals that the account identified by the subject initiated to opt out from RISC event exchanges. The account is in the <samp>opt-out-initiated</samp> state.</p>
<p id="rfc.section.2.7.2.p.3">Attributes: none</p>
<h1 id="rfc.section.2.7.3"><a href="#rfc.section.2.7.3">2.7.3.</a> <a href="#opt-out-cancelled" id="opt-out-cancelled">Opt Out Cancelled</a></h1>
<p id="rfc.section.2.7.3.p.1">Event Type URI:<br/> https://schemas.openid.net/secevent/risc/event-type/opt-out-cancelled</p>
<p id="rfc.section.2.7.3.p.2">Opt Out Cancelled signals that the account identified by the subject cancelled the opt out from RISC event exchanges. The account is in the <samp>opt-in</samp> state.</p>
<p id="rfc.section.2.7.3.p.3">Attributes: none</p>
<h1 id="rfc.section.2.7.4"><a href="#rfc.section.2.7.4">2.7.4.</a> <a href="#opt-out-effective" id="opt-out-effective">Opt Out Effective</a></h1>
<p id="rfc.section.2.7.4.p.1">Event Type URI:<br/> https://schemas.openid.net/secevent/risc/event-type/opt-out-effective</p>
<p id="rfc.section.2.7.4.p.2">Opt Out Effective signals that the account identified by the subject was effectively opted out from RISC event exchanges. The account is in the <samp>opt-out</samp> state.</p>
<p id="rfc.section.2.7.4.p.3">Attributes: none</p>
<h1 id="rfc.section.2.8"><a href="#rfc.section.2.8">2.8.</a> <a href="#recovery-activated" id="recovery-activated">Recovery Activated</a></h1>
<p id="rfc.section.2.8.p.1">Event Type URI:<br/> https://schemas.openid.net/secevent/risc/event-type/recovery-activated</p>
<p id="rfc.section.2.8.p.2">Recovery Activated signals that the account identified by the subject activated a recovery flow.</p>
<p id="rfc.section.2.8.p.3">Attributes: none</p>
<h1 id="rfc.section.2.9"><a href="#rfc.section.2.9">2.9.</a> <a href="#recovery-information-changed" id="recovery-information-changed">Recovery Information Changed</a></h1>
<p id="rfc.section.2.9.p.1">Event Type URI:<br/> https://schemas.openid.net/secevent/risc/event-type/recovery-information-changed</p>
<p id="rfc.section.2.9.p.2">Recovery Information Changed signals that the account identified by the subject has changed some of its recovery information. For example a recovery email address was added or removed.</p>
<p id="rfc.section.2.9.p.3">Attributes: none</p>
<h1 id="rfc.section.2.10"><a href="#rfc.section.2.10">2.10.</a> <a href="#sessions-revoked" id="sessions-revoked">Sessions Revoked</a></h1>
<p id="rfc.section.2.10.p.1">Event Type URI:<br/> https://schemas.openid.net/secevent/risc/event-type/sessions-revoked</p>
<p id="rfc.section.2.10.p.2">Sessions Revoked signals that all the sessions for the account identified by the subject have been revoked.</p>
<p id="rfc.section.2.10.p.3">Attributes: none</p>
<h1 id="rfc.references"><a href="#rfc.references">3.</a> Normative References</h1>
<table>
  <tbody>
    <tr>
      <td class="reference">
        <b id="JSON">[JSON]</b>
      </td>
      <td class="top"><a>Bray, T.</a>, "<a href="http://tools.ietf.org/html/rfc7159">The JavaScript Object Notation (JSON) Data Interchange Format</a>", RFC 7159, DOI 10.17487/RFC7159, March 2014.</td>
    </tr>
    <tr>
      <td class="reference">
        <b id="RFC2119">[RFC2119]</b>
      </td>
      <td class="top"><a>Bradner, S.</a>, "<a href="http://tools.ietf.org/html/rfc2119">Key words for use in RFCs to Indicate Requirement Levels</a>", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997.</td>
    </tr>
    <tr>
      <td class="reference">
        <b id="RFC8174">[RFC8174]</b>
      </td>
      <td class="top"><a>Leiba, B.</a>, "<a href="http://tools.ietf.org/html/rfc8174">Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</a>", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017.</td>
    </tr>
    <tr>
      <td class="reference">
        <b id="RISC-PROFILE">[RISC-PROFILE]</b>
      </td>
      <td class="top"><a>Scurtescu, M.</a>, <a>Backman, A.</a> and <a>J. Bradley</a>, "<a href="http://openid.net/specs/openid-risc-profile-1_0.html">OpenID RISC Profile of IETF Security Events 1.0</a>", April 2018.</td>
    </tr>
    <tr>
      <td class="reference">
        <b id="SET">[SET]</b>
      </td>
      <td class="top"><a>Hunt, P.</a>, <a>Jones, M.</a>, <a>Denniss, W.</a> and <a>M. Ansari</a>, "<a href="https://tools.ietf.org/html/draft-ietf-secevent-token-09">Security Event Token (SET)</a>", April 2018.</td>
    </tr>
  </tbody>
</table>
<h1 id="rfc.authors">
  <a href="#rfc.authors">Authors' Addresses</a>
</h1>
<div class="avoidbreak">
  <address class="vcard">
        <span class="vcardline">
          <span class="fn">Marius Scurtescu</span> 
          <span class="n hidden">
                <span class="family-name">Scurtescu</span>
          </span>
        </span>
        <span class="org vcardline">Google</span>
        <span class="adr">
          
          <span class="vcardline">
                <span class="locality"></span> 
                <span class="region"></span>
                <span class="code"></span>
          </span>
          <span class="country-name vcardline"></span>
        </span>
        <span class="vcardline">EMail: <a href="mailto:mscurtescu@google.com">mscurtescu@google.com</a></span>

  </address>
</div><div class="avoidbreak">
  <address class="vcard">
        <span class="vcardline">
          <span class="fn">Annabelle Backman</span> 
          <span class="n hidden">
                <span class="family-name">Backman</span>
          </span>
        </span>
        <span class="org vcardline">Amazon</span>
        <span class="adr">
          
          <span class="vcardline">
                <span class="locality"></span> 
                <span class="region"></span>
                <span class="code"></span>
          </span>
          <span class="country-name vcardline"></span>
        </span>
        <span class="vcardline">EMail: <a href="mailto:richanna@amazon.com">richanna@amazon.com</a></span>

  </address>
</div><div class="avoidbreak">
  <address class="vcard">
        <span class="vcardline">
          <span class="fn">Phil Hunt</span> 
          <span class="n hidden">
                <span class="family-name">Hunt</span>
          </span>
        </span>
        <span class="org vcardline">Oracle Corporation</span>
        <span class="adr">
          
          <span class="vcardline">
                <span class="locality"></span> 
                <span class="region"></span>
                <span class="code"></span>
          </span>
          <span class="country-name vcardline"></span>
        </span>
        <span class="vcardline">EMail: <a href="mailto:phil.hunt@yahoo.com">phil.hunt@yahoo.com</a></span>

  </address>
</div><div class="avoidbreak">
  <address class="vcard">
        <span class="vcardline">
          <span class="fn">John Bradley</span> 
          <span class="n hidden">
                <span class="family-name">Bradley</span>
          </span>
        </span>
        <span class="org vcardline">Yubico</span>
        <span class="adr">
          
          <span class="vcardline">
                <span class="locality"></span> 
                <span class="region"></span>
                <span class="code"></span>
          </span>
          <span class="country-name vcardline"></span>
        </span>
        <span class="vcardline">EMail: <a href="mailto:secevemt@ve7jtb.com">secevemt@ve7jtb.com</a></span>

  </address>
</div>

</body>
</html>