[Openid-specs-risc] SSE / CAEP / RISC Java models

Matt Domsch matt.domsch at sailpoint.com
Thu Mar 11 19:31:10 UTC 2021


As part of our review of the spec authors' pull requests, Adam Hampton and I have started a Java library to model all the objects in the SSE, CAEP, and RISC profiles.  The test suite takes verbatim copies of the example JSON representations from the respective documents as one form of input, and the code (Builder-style) generates equivalent objects.  It's up-to-date with the changes made this week to the Security Identifiers spec by Annabelle, and the three PRs by Tim and Atul which are currently outstanding, to the extent possible.

We have a separate project under way to build transmitters and receivers which we hope to have out in the next few weeks, which leverages this library.

Library: https://github.com/sailpoint-oss/openid-sse-model
Usage:

    SubjectIdentifier session = new SubjectIdentifier.Builder()
            .format(IdentifierFormats.OPAQUE)
            .subject("dMTlD|1600802906337.16|16008.16")
            .build();

    SubjectIdentifier user = new SubjectIdentifier.Builder()
            .format(IdentifierFormats.ISSUER_SUBJECT)
            .issuer("https://idp.example.com/123456789/")
            .subject("dMTlD|1600802906337.16|16008.16")
            .build();

    SubjectIdentifier tenant = new SubjectIdentifier.Builder()
            .format(IdentifierFormats.OPAQUE)
            .id("123456789")
            .build();

    SubjectIdentifier subj = new SubjectIdentifier.Builder()
            .session(session)
            .user(user)
            .tenant(tenant)
            .build();

    CAEPSessionRevoked evt = new CAEPSessionRevoked.Builder()
            .initiatingEntity(CAEPInitiatingEntity.POLICY)
            .reasonAdmin("Landspeed Policy Violation: C076E82F")
            .reasonUser("Access attempt from multiple regions.")
            .eventTimestamp(System.currentTimeMillis())
            .subject(subj)
            .build();
    evt.validate();

    JWTClaimsSet set = new JWTClaimsSet.Builder()
            .issuer("https://idp.example.com/123456789/")
            .jwtID("24c63fb56e5a2d77a6b512616ca9fa24")
            .issueTime(DateUtils.fromSecondsSinceEpoch(System.currentTimeMillis()/1000))
            .audience("https://sp.example.com/caep")
            .claim(SEToken.EVENTS_CLAIM, evt)
            .build();
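
The usage above stops at the point where the events claim has been placed in a JWTClaimsSet. The following is an added example, not code from this mail or from the openid-sse-model library, showing the rest of the path: the transmitter wraps that claims set in a signed SET (typ secevent+jwt), and a receiver refuses to act on it unless the header type and algorithm, the signature, iss, aud, iat, jti (replay) and the events claim all check out. It uses only the Nimbus JOSE+JWT classes (JWTClaimsSet, DateUtils, SignedJWT, RSAKey) that the snippet's JWTClaimsSet and DateUtils appear to come from; the key, the jti, the subject values and the in-memory replay cache are constructed for the example, and the events claim is built as a plain Map rather than through CAEPSessionRevoked so that no assumption is made about how the library serializes its objects.

```java
import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.jwt.util.DateUtils;

import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

public class SetReceiverExample {

    // Constructed values, taken from the usage snippet: the transmitter's iss and the receiver's aud.
    static final String TRANSMITTER_ISS = "https://idp.example.com/123456789/";
    static final String RECEIVER_AUD = "https://sp.example.com/caep";
    // CAEP event type URI for session-revoked.
    static final String SESSION_REVOKED =
            "https://schemas.openid.net/secevent/caep/event-type/session-revoked";
    static final long CLOCK_SKEW_SECONDS = 120;

    // Replay cache of accepted jti values (in-memory stand-in for a durable store).
    private final Set<String> seenJtis = new HashSet<>();

    /** Transmitter side: put the events claim in a SET and sign it with typ = secevent+jwt. */
    static String buildSignedSet(RSAKey key, Map<String, Object> events, String jti) throws Exception {
        JWTClaimsSet claims = new JWTClaimsSet.Builder()
                .issuer(TRANSMITTER_ISS)
                .jwtID(jti)
                .issueTime(DateUtils.fromSecondsSinceEpoch(System.currentTimeMillis() / 1000))
                .audience(RECEIVER_AUD)
                .claim("events", events)
                .build();
        JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256)
                .type(new JOSEObjectType("secevent+jwt"))
                .keyID(key.getKeyID())
                .build();
        SignedJWT jwt = new SignedJWT(header, claims);
        jwt.sign(new RSASSASigner(key));
        return jwt.serialize();
    }

    /** Receiver side: every check must pass before the events map is handed back to the caller. */
    Map<?, ?> acceptSet(String compact, RSAKey transmitterPublicKey) throws Exception {
        SignedJWT jwt = SignedJWT.parse(compact);
        // Pin the header type and algorithm before touching the signature (no alg negotiation).
        if (!new JOSEObjectType("secevent+jwt").equals(jwt.getHeader().getType()))
            throw new SecurityException("typ must be secevent+jwt");
        if (!JWSAlgorithm.RS256.equals(jwt.getHeader().getAlgorithm()))
            throw new SecurityException("unexpected alg " + jwt.getHeader().getAlgorithm());
        if (!jwt.verify(new RSASSAVerifier(transmitterPublicKey)))
            throw new SecurityException("signature does not verify");
        JWTClaimsSet claims = jwt.getJWTClaimsSet();
        if (!TRANSMITTER_ISS.equals(claims.getIssuer()))
            throw new SecurityException("unexpected iss " + claims.getIssuer());
        if (claims.getAudience() == null || !claims.getAudience().contains(RECEIVER_AUD))
            throw new SecurityException("SET is not addressed to this receiver");
        Date iat = claims.getIssueTime();
        if (iat == null || iat.getTime() > System.currentTimeMillis() + CLOCK_SKEW_SECONDS * 1000)
            throw new SecurityException("iat missing or in the future");
        String jti = claims.getJWTID();
        if (jti == null || !seenJtis.add(jti))        // add() is false when already present
            throw new SecurityException("jti missing or already seen (replay)");
        Object events = claims.getClaim("events");
        if (!(events instanceof Map) || ((Map<?, ?>) events).isEmpty())
            throw new SecurityException("events claim missing or empty");
        for (Object type : ((Map<?, ?>) events).keySet())
            if (!SESSION_REVOKED.equals(type))
                throw new SecurityException("unsupported event type " + type);
        return (Map<?, ?>) events;
    }

    public static void main(String[] args) throws Exception {
        RSAKey key = new RSAKeyGenerator(2048).keyID("tx-key-1").generate();   // constructed key
        // Constructed session-revoked event for the iss_sub user from the usage snippet.
        Map<String, Object> subject = new HashMap<>();
        subject.put("format", "iss_sub");
        subject.put("iss", TRANSMITTER_ISS);
        subject.put("sub", "dMTlD|1600802906337.16|16008.16");
        Map<String, Object> body = new HashMap<>();
        body.put("subject", subject);
        body.put("event_timestamp", System.currentTimeMillis() / 1000);
        body.put("initiating_entity", "policy");
        body.put("reason_admin", "Landspeed Policy Violation: C076E82F");
        Map<String, Object> events = new HashMap<>();
        events.put(SESSION_REVOKED, body);

        String set = buildSignedSet(key, events, "24c63fb56e5a2d77a6b512616ca9fa24");
        SetReceiverExample receiver = new SetReceiverExample();
        System.out.println("accepted: " + receiver.acceptSet(set, key.toPublicJWK()).keySet());
        try {
            receiver.acceptSet(set, key.toPublicJWK());   // same jti delivered twice
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The order of the checks is deliberate: header type and algorithm are pinned before the signature is verified, the signature before any claim is trusted, and the jti is only recorded once everything else has passed, so a forged or misaddressed SET cannot poison the replay cache. A real receiver would resolve the transmitter's key by kid from its published JWK set and keep the jti store durable across restarts.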



Feedback welcome.

Thanks,
Matt

Matt Domsch
VP, Engineering Fellow
matt.domsch at sailpoint.com
mobile: 512-981-6486
www.sailpoint.com

