[Openid-specs-risc] event proposal: credential-compromised
Marius Scurtescu
marius.scurtescu at coinbase.com
Sat Dec 21 04:12:59 UTC 2019
A new RISC event type came up while looking at clearing house use cases,
see meeting notes for December 10.
Event Type URI:
https://schemas.openid.net/secevent/risc/event-type/credential-compromised
Credential Compromised signals that a given credential for the account
identified by the subject was compromised. If the exact same credential
is used by the same account then the Receiver should take action.
Attributes:
- credential-type:
  - password
  - PIN
  - ...
- credential-hash
- hash-method:
  - SHA-256
  - ...
{
  "iss": "https://idp.example.com/",
  "jti": "756E69717565206964656E746966696572",
  "iat": 1508184845,
  "aud": "636C69656E745F6964",
  "events": {
    "https://schemas.openid.net/secevent/risc/event-type/credential-compromised": {
      "subject": {
        "subject_type": "iss-sub",
        "iss": "https://idp.example.com/",
        "sub": "7375626A656374"
      },
      "credential-type": "password",
      "credential-hash": "41ef4bb0b23661e66301aac36066912dac037827b4ae63a7b1165a5aa93ed4eb",
      "hash-method": "SHA-256"
    }
  }
}
Keep in mind that an event like this is useful not only for a clearing
house use case but for all implicit and pseudo implicit use cases, see
sections 3.3, 3.4 and 3.5:
https://tools.ietf.org/html/draft-scurtescu-secevent-risc-use-cases
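
An added example, not part of the original message or of any RISC specification: a Receiver-side sketch in Python of the rule "if the exact same credential is used by the same account then the Receiver should take action". It assumes the SET signature and claims were already verified, and that credential-hash is the hex digest of the credential's UTF-8 bytes (the proposal does not specify an encoding); the class and function names are hypothetical.

```python
import hashlib
import hmac

EVENT_URI = "https://schemas.openid.net/secevent/risc/event-type/credential-compromised"
# Assumption: hash-method names map to plain digests computed over the
# UTF-8 bytes of the credential; only SHA-256 is named in the proposal.
HASHERS = {"SHA-256": hashlib.sha256}


class CompromisedCredentials:
    """In-memory record of reported digests, keyed by (iss, sub)."""

    def __init__(self):
        self._by_subject = {}

    def ingest(self, claims):
        """Store the event from a verified SET payload; True if stored."""
        event = claims.get("events", {}).get(EVENT_URI)
        if event is None or event.get("subject", {}).get("subject_type") != "iss-sub":
            return False
        method = event.get("hash-method")
        try:
            digest = bytes.fromhex(event.get("credential-hash", ""))
        except (TypeError, ValueError):
            return False  # credential-hash is not hex
        if method not in HASHERS or len(digest) != HASHERS[method]().digest_size:
            return False  # unknown method or wrong digest length: cannot compare
        key = (event["subject"]["iss"], event["subject"]["sub"])
        entry = (event["credential-type"], method, digest)
        self._by_subject.setdefault(key, set()).add(entry)
        return True

    def is_compromised(self, iss, sub, credential_type, presented):
        """True if the presented credential matches a digest reported for this subject."""
        hit = False
        for ctype, method, digest in self._by_subject.get((iss, sub), ()):
            if ctype == credential_type:
                candidate = HASHERS[method](presented.encode("utf-8")).digest()
                hit |= hmac.compare_digest(candidate, digest)
        return hit


def sample_claims(secret, method="SHA-256"):
    """Constructed SET payload shaped like the example in the message."""
    digest = hashlib.sha256(secret.encode("utf-8")).hexdigest()
    subject = {"subject_type": "iss-sub", "iss": "https://idp.example.com/", "sub": "7375626A656374"}
    event = {"subject": subject, "credential-type": "password",
             "credential-hash": digest, "hash-method": method}
    return {"iss": "https://idp.example.com/", "events": {EVENT_URI: event}}
```

The check runs where the plaintext credential is available, for example at login or password change, and a match is the point at which the Receiver would force a reset or step-up.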