[Openid-specs-risc] [Id-event] SSE changes to the Subject Identifiers Spec

Mon Jul 13 15:40:14 UTC 2020

Hi Yaron,
Thanks for the suggestion, I will start a new thread for each topic. Just
FYI as background: We have discussed these changes in the OpenID Shared
Signals and Events group, but happy to discuss them here again.

Atul

On Mon, Jul 13, 2020 at 1:44 AM Yaron Sheffer <yaronf.ietf at gmail.com> wrote:

> Hi Atul,
>
>
>
> Thank you for your contribution!
>
>
>
> You are introducing 3-4 new concepts into this draft (including the notion
> of “conformance” which you have not listed below). I think it would be more
> appropriate to start an email thread on this list on each one, in order to
> gauge the working group’s interest. In general the IETF reserves the PR
> process for smaller, editorial changes, or else for changes that had
> already been discussed by the mailing list.
>
>
>
> Thanks,
>
>                 Yaron
>
>
>
> *From: *Id-event <id-event-bounces at ietf.org> on behalf of Atul
> Tulshibagwale <atultulshi=40google.com at dmarc.ietf.org>
> *Date: *Monday, July 13, 2020 at 05:38
> *To: *<id-event at ietf.org>, Openid-specs-risc <
> openid-specs-risc at lists.openid.net>
> *Cc: *Annabelle Richard <richanna at amazon.com>, Marius Scurtescu <
> marius.scurtescu at coinbase.com>, michaeljones_fwd <
> Michael.Jones at microsoft.com>
> *Subject: *[Id-event] SSE changes to the Subject Identifiers Spec
>
>
>
> Hi all,
>
> We've made a number of changes to the subject-identifiers spec in the
> OpenID "Shared Signals and Events" working group. I have incorporated these
> changes in a pull request to the present draft in the repository
> https://github.com/richanna/secevent.
>
>
>
> Please review the changes here:
>
> https://github.com/richanna/secevent/pull/1
>
>
>
> Summary of the changes:
>
>    1. Defined "Subject Principals" as management entities that are
>    represented by the subject identifiers
>    2. Defined "Subject Principal Administrative Groupings" or SPAGs that
>    may be used for certain events that pertain to the entire grouping. IRL
>    Spags may be tenants in a multi-tenanted host or may be OUs or groups
>    within a tenant.
>    3. Defined the following Common Claims that may be applied to any
>    subject identifier:
>
>
>    1. spag_id: An optional claim that can be used to ensure uniqueness of
>       the subject identifier within the SPAG.
>       2. category: An optional claim that can be used to define the scope
>       of the subject identifier. E.g., Does a phone number represent the user or
>       the device the user is using. The category can disambiguate this.
>
>
>    1. Added a SAML subject identifier type as was needed by some use
>    cases in SSE.
>    2. Added myself as a co-author, given the scope of these changes.
>
> Thanks,
>
> Atul
>
>
>
> _______________________________________________ Id-event mailing list
> Id-event at ietf.org https://www.ietf.org/mailman/listinfo/id-event
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20200713/2c638eb6/attachment.html>