[Openid-specs-risc] SSE changes to the Subject Identifiers Spec
Atul Tulshibagwale
atultulshi at google.com
Mon Jul 13 02:38:32 UTC 2020
Hi all,
We've made a number of changes to the subject-identifiers spec in the
OpenID "Shared Signals and Events" working group. I have incorporated these
changes in a pull request to the present draft in the repository
https://github.com/richanna/secevent.
Please review the changes here:
https://github.com/richanna/secevent/pull/1
Summary of the changes:
1. Defined "Subject Principals" as management entities that are
represented by the subject identifiers
2. Defined "Subject Principal Administrative Groupings" or SPAGs that
may be used for certain events that pertain to the entire grouping. IRL
Spags may be tenants in a multi-tenanted host or may be OUs or groups
within a tenant.
3. Defined the following Common Claims that may be applied to any
subject identifier:
1. spag_id: An optional claim that can be used to ensure uniqueness
of the subject identifier within the SPAG.
2. category: An optional claim that can be used to define the scope
of the subject identifier. E.g., Does a phone number represent
the user or
the device the user is using. The category can disambiguate this.
4. Added a SAML subject identifier type as was needed by some use cases
in SSE.
5. Added myself as a co-author, given the scope of these changes.
Thanks,
Atul
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20200712/e5dafff6/attachment.html>
More information about the Openid-specs-risc
mailing list