[Openid-specs-risc] Updated JSON examples for the draft document

Atul Tulshibagwale atultulshi at google.com
Tue Aug 4 16:48:54 UTC 2020


Hi Adam,
Thanks very much for doing this. I guess one question I have is whether
events is an array of objects or a single object with name value pairs. The
SET spec (rfc8417) seems to suggest it's a set of name-value pairs, the
name defining the event name and the value being the event itself.

Atul

On Wed, Jul 29, 2020 at 7:47 AM Adam Hampton via Openid-specs-risc <
openid-specs-risc at lists.openid.net> wrote:

> Good Morning,
>
>
>
> Recently I have been able to focus more full time on the SSE/CAEP efforts
> for SailPoint. I have been working on implementing a Java based object
> model for the JSON examples in Atul’s draft of “openid-sse-profile-draft2”
> at (
> https://docs.google.com/document/d/15zf0kwJhrrteDW-wA8iMwTVFQo2CK6kKK5kNq2IkLuM).
> I’ve added some questions and comments in that document related to the JSON
> examples.  I realize that Java is only one of many languages that the
> standard will be implemented in and my primary concerns are that the
> examples show tested, verified JSON examples that are conformant to the
> relevant JSON specs.
>
>
>
> As currently drafted the examples show two things that are concerning:
>
>
>
>    - Using event type as a key field name for an event in a list of
>    events.  When multiple events of the same type are shipped in one SET this
>    would require JSON parsers to accept repeated field names, which many do
>    not.  This can be seen in figures 1 and 2, and others, of the doc.
>    - Using singleton bodies in place of arrays for the list of
>    Events when the SET only contains a single Event.  While many parsers
>    support treating a singleton as a member of a list of size one, not all
>    parsers do and we should probably not show that deviation from well-formed
>    JSON as an example.  This can be seen also in figures 1, 2 and others in
>    the doc.
>
>
>
> I’ve built an object model, parser and pretty printer using Java’s Jackson
> JSON parser which produces clean JSON from Atul’s example data.  I’ve
> pasted them below.  I would like to discuss the formatting differences on
> the next call and propose that these examples for figures 1 through 5 be
> substituted for what is in the draft today.  I would also like to
> delve deeper into the Transmitter Config response JSON fields on the next
> call.
>
>
>
> # Draft Figure 1, 'SET Containing a SSE Event with an Email Subject
> Identifier', page 6 top:
>
> {
>   "iss" : "https://idp.example.com/",
>   "iat" : 1596032109225,
>   "jti" : "756E69717565206964656E746966696572",
>   "aud" : "636C69656E745F6964",
>   "events" : [ {
>     "subject" : {
>       "subject_type" : "email",
>       "subject" : "foo@example.com"
>     },
>     "type" : "https://schemas.openid.net/secevent/risc/event-type/account-enabled"
>   } ]
> }
>
>
>
> # Draft Figure 2, 'Example SET', page 6 bottom:
>
> {
>   "iss" : "https://idp.example.com/",
>   "iat" : 1596032109393,
>   "jti" : "756E69717565206964656E746966696572",
>   "aud" : "636C69656E745F6964",
>   "events" : [ {
>     "subject" : {
>       "subject_type" : "iss_sub",
>       "iss" : "https://issuer.example.com/",
>       "subject" : "abc1234"
>     },
>     "type" : "https://schemas.openid.net/secevent/risc/event-type/account-enabled"
>   } ]
> }
>
>
>
> # Draft Figure 3, 'Example SET', page 7 top:
>
> {
>   "iss" : "https://sp.example2.com/",
>   "iat" : 1596032109395,
>   "jti" : "756E69717565206964656E746966696572",
>   "aud" : "636C69656E745F6964",
>   "events" : [ {
>     "subject" : {
>       "subject_type" : "email",
>       "subject" : "foo@example.com"
>     },
>     "type" : "https://schemas.openid.net/secevent/risc/event-type/ip-address-changed",
>     "ip_address" : "123.45.67.89"
>   } ]
> }
>
>
>
> # Draft Figure 4, 'SET Containing a SSE Event with a SPAG Subject Type',
> page 7 bottom:
>
> {
>   "iss" : "https://sp.example2.com/",
>   "iat" : 1596032109397,
>   "jti" : "756E69717565206964656E746966696572",
>   "aud" : "636C69656E745F6964",
>   "events" : [ {
>     "subject" : {
>       "subject_type" : "spag",
>       "spag_id" : "https://example.com/v2/Groups/e9e30dba-f08f-4109-8486-d5c6a331660a"
>     },
>     "type" : "https://schemas.openid.net/secevent/risc/event-type/ip-address-changed"
>   } ]
> }
>
>
>
> # Draft Figure 5, 'SET Containing a SSE Event with Common Claims in the
> Subject', page 8 top:
>
> {
>   "iss" : "https://sp.example2.com/",
>   "iat" : 1596032109399,
>   "jti" : "756E69717565206964656E746966696572",
>   "aud" : "636C69656E745F6964",
>   "events" : [ {
>     "subject" : {
>       "subject_type" : "id_token_claims",
>       "spag_id" : "https://example.com/v2/Groups/e9e30dba-f08f-4109-8486-d5c6a331660a",
>       "category" : "device",
>       "phone_number" : "+1 (408) 555-1212"
>     },
>     "type" : "https://schemas.openid.net/secevent/risc/event-type/ip-address-changed"
>   } ]
> }
>
>
>
> TransmitterConfig JSON example:
>
> {
>   "issuer" : "https://ssedemo.identitynow.com",
>   "jwks_uri" : "https://ssedemo.identitynow.com/jwks",
>   "configuration_endpoint" : "https://ssedemo.identitynow.com/config",
>   "delivery_methods_supported" : [ "https" ],
>   "status_endpoint" : "https://ssedemo.identitynow.com/status",
>   "verification_endpoint" : "https://ssedemo.identitynow.com/verify",
>   "add_subject_endpoint" : "https://ssedemo.identitynow.com/addSubject",
>   "remove_subject_endpoint" : "https://ssedemo.identitynow.com/removeSubject",
>   "supported_versions" : "1.0"
> }
>
>
>
>
>
> Thanks and Best Regards,
>
> --
>
> *Adam Hampton*
> *Principal Engineer*
> adam.hampton at sailpoint.com
>
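
An added example, not part of either message or of the draft: a Python check of the two `events` shapes discussed in this thread. It shows that the standard `json` module silently keeps the last of two repeated member names, and how a receiver can reject that input instead. The sample SETs are constructed (reusing the Figure 1 values); `parse_set_events`, `default_parse_events` and `SetFormatError` are names assumed here.

```python
import json

ACCOUNT_ENABLED = "https://schemas.openid.net/secevent/risc/event-type/account-enabled"

# Constructed samples (not from the draft), reusing the thread's Figure 1 values.
# Object form: "events" maps event-type URI -> event payload (RFC 8417 shape).
SET_OBJECT_FORM = json.dumps({
    "iss": "https://idp.example.com/",
    "jti": "756E69717565206964656E746966696572",
    "aud": "636C69656E745F6964",
    "events": {ACCOUNT_ENABLED: {"subject": {"subject_type": "email",
                                             "subject": "foo@example.com"}}},
})
# Array form: the shape proposed in the quoted figures.
SET_ARRAY_FORM = json.dumps({"events": [{"type": ACCOUNT_ENABLED}]})
# Same event type used twice as a member name inside one "events" object.
SET_DUPLICATE = '{"events": {"%s": {"n": 1}, "%s": {"n": 2}}}' % (
    ACCOUNT_ENABLED, ACCOUNT_ENABLED)


class SetFormatError(ValueError):
    """Raised when a SET body is ambiguous or not in the expected shape."""


def _reject_duplicates(pairs):
    # Called by json.loads for every JSON object with its (name, value) pairs.
    seen = {}
    for name, value in pairs:
        if name in seen:
            raise SetFormatError("duplicate member name: " + name)
        seen[name] = value
    return seen


def default_parse_events(raw):
    # Python's json keeps the LAST duplicate silently; other parsers differ.
    return json.loads(raw)["events"]


def parse_set_events(raw):
    """Return {event_type_uri: payload}; refuse duplicates and non-object forms."""
    claims = json.loads(raw, object_pairs_hook=_reject_duplicates)
    if not isinstance(claims, dict) or not isinstance(claims.get("events"), dict):
        raise SetFormatError("'events' must be a JSON object keyed by event type")
    for uri, payload in claims["events"].items():
        if not isinstance(payload, dict):
            raise SetFormatError("payload for %s is not a JSON object" % uri)
    return claims["events"]
```

A receiver that accepts duplicate names can end up acting on a different event than the one an upstream validator inspected, which is why the strict parser fails closed.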