[Openid-specs-risc] Complex Subject Identifiers format member

Tim Cappalli Tim.Cappalli at microsoft.com
Thu May 20 20:55:01 UTC 2021


Thanks Matt. Do you imagine this type of processing of subject?

SSE Event Subject Processing Example (github.com)<https://gist.github.com/timcappalli/af55ee6ee5d2ae3f527f47e581178596>

tl;dr
if: subject.format exists, process as standalone subject identifier
else if: subject.[keys] are part of the complex subject list, process as complex subject
else: bad subject

________________________________
From: Matt Domsch <matt.domsch at sailpoint.com>
Sent: Thursday, May 20, 2021 15:45
To: Tim Cappalli <Tim.Cappalli at microsoft.com>; openid-specs-risc at lists.openid.net <openid-specs-risc at lists.openid.net>
Subject: RE: Complex Subject Identifiers format member


That’s clean, easily parseable, and avoids the whole registry problem. Good idea.



Matt Domsch
VP, Engineering Fellow
matt.domsch at sailpoint.com

mobile: 512-981-6486
www.sailpoint.com





From: Tim Cappalli <Tim.Cappalli at microsoft.com>
Sent: Thursday, May 20, 2021 1:57 PM
To: openid-specs-risc at lists.openid.net; Matt Domsch <matt.domsch at sailpoint.com>
Subject: Re: Complex Subject Identifiers format member



Good catch Matt.



Could this be as simple as changing 11.1.2 to say "whose value is a Subject Identifier or Complex Subject as defined in section 3.2"?





11.1.2.  SSE Event Subject

   The subject of a SSE event is identified by the "subject" claim
   within the event payload, whose value is a Subject Identifier.  The
   "subject" claim is REQUIRED for all SSE events.  The JWT "sub" claim
   MUST NOT be present in any SET containing a SSE event.

________________________________

From: Openid-specs-risc <openid-specs-risc-bounces at lists.openid.net> on behalf of Matt Domsch via Openid-specs-risc <openid-specs-risc at lists.openid.net>
Sent: Tuesday, May 18, 2021 16:05
To: openid-specs-risc at lists.openid.net
Subject: [Openid-specs-risc] Complex Subject Identifiers format member



The topic of registries of values came up today, which reminded me…



Complex Subject Identifiers defined in SSE do not have a format member [1], though it’s required by Subject Identifiers [2].  I know we didn’t want to make a huge list of possible combinations of complex subject identifiers.

Would it suffice to add a format of “complex” to the SI spec, or assign another collision-resistant string here as SI expects (e.g. “format” : “net.openid.sse.siformat.complex”)?



Thanks,

Matt



[1] https://bitbucket.org/openid/risc/src/master/openid-sse-framework-1_0.txt

[2] https://github.com/richanna/secevent/blob/master/draft-ietf-secevent-subject-identifiers.md





Matt Domsch
VP, Engineering Fellow
matt.domsch at sailpoint.com

mobile: 512-981-6486
www.sailpoint.com
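
The processing order from the tl;dr at the top of this thread, written out as an added example (not the linked gist and not code from any participant). The complex-subject member names and the rule that each member carries its own "format" are assumptions to be checked against the SSE draft; the sample payloads are constructed.

```python
# Added example: the subject-dispatch order from the tl;dr in this thread.
# ASSUMPTION: these member names are illustrative; a real receiver should use
# the list in the SSE draft's Complex Subject section.
COMPLEX_SUBJECT_KEYS = frozenset(
    {"user", "device", "session", "application", "tenant", "org_unit", "group"}
)


class BadSubject(ValueError):
    """Raised when a "subject" claim matches neither shape."""


def _simple_format(value, where):
    # A standalone Subject Identifier is a JSON object with a string "format".
    if not isinstance(value, dict):
        raise BadSubject(f"{where}: not a JSON object")
    fmt = value.get("format")
    if not isinstance(fmt, str) or not fmt:
        raise BadSubject(f"{where}: 'format' must be a non-empty string")
    return fmt


def classify_subject(subject, complex_keys=COMPLEX_SUBJECT_KEYS):
    """Return ("simple", format) or ("complex", {member: format})."""
    if not isinstance(subject, dict) or not subject:
        raise BadSubject("subject: must be a non-empty JSON object")
    # if: subject.format exists -> standalone subject identifier
    if "format" in subject:
        return "simple", _simple_format(subject, "subject")
    # else if: every key is a known complex-subject member -> complex subject
    # (ASSUMPTION: each member value is itself a simple subject identifier)
    unknown = sorted(set(subject) - set(complex_keys))
    if not unknown:
        return "complex", {
            name: _simple_format(member, f"subject.{name}")
            for name, member in subject.items()
        }
    # else: bad subject (fail closed rather than guessing a shape)
    raise BadSubject(f"subject: unexpected members {unknown}")


# Constructed sample payloads (not taken from the thread or the gist).
SIMPLE = {"format": "email", "email": "user@example.com"}
COMPLEX = {
    "user": {"format": "email", "email": "user@example.com"},
    "device": {"format": "opaque", "id": "constructed-device-id"},
}
```

Because "format" is checked first, a subject that carries both "format" and complex member names is handled as a standalone identifier; a stricter receiver could reject that combination instead.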