[Openid-specs-risc] Clarifying question on SSE and CAEP config

Nancy Cam-Winget (ncamwing) ncamwing at cisco.com
Tue Sep 21 02:23:09 UTC 2021 

Hi,

We are working on implementing SSE and CAEP and are trying to tie the SSE and CAEP.  In particular, the SSE Stream Configuration<https://openid.net/specs/openid-sse-framework-1_0-01.html#stream-config> section describes a “delivery” property that holds details of how SETs get delivered to the receiver. It says that:



> The actual delivery method is identified by the special key method with the value being a URI as defined in Section 11.2.1<https://openid.net/specs/openid-sse-framework-1_0-01.html#delivery-meta>.



 If you look at an example response<https://openid.net/specs/openid-sse-framework-1_0-01.html#reading-a-streams-configuration> though, it has the keys “delivery_method” and “url”:



HTTP/1.1 200 OK

Content-Type: application/json; charset=UTF-8

Cache-Control: no-store

Pragma: no-cache



{

  "iss": "https://tr.example.com",

  "aud": [

      "http://receiver.example.com/web",

      "http://receiver.example.com/mobile"

    ],

  "delivery": {

    "delivery_method":

      "https://schemas.openid.net/secevent/risc/delivery-method/push",

      "url": "https://receiver.example.com/events"

  },

  "events_supported": [

    "urn:example:secevent:events:type_1",

    "urn:example:secevent:events:type_2",

    "urn:example:secevent:events:type_3"

  ],

  "events_requested": [

    "urn:example:secevent:events:type_2",

    "urn:example:secevent:events:type_3",

    "urn:example:secevent:events:type_4"

  ],

  "events_delivered": [

    "urn:example:secevent:events:type_2",

    "urn:example:secevent:events:type_3"

  ]

}



Down in section 11.2.1.1<http://11.2.1.1.> it says the keys of the push delivery are “method”, “endpoint_url”, and “authorization_header”. What is not clear is whether those keys are siblings of “delivery_method” and “url” in the “delivery” object of the example above, like this:



  "delivery": {

    "delivery_method": "https://schemas.openid.net/secevent/risc/delivery-method/push",

    "url": "https://receiver.example.com/events”,

    “method": "https://schemas.openid.net/secevent/risc/delivery-method/push",

    “endpoint_url”: "https://receiver.example.com/events”,

    “authorization_header”: “some-secret-key”

  },



or whether they nest under a “method” property like this:



  "delivery": {

    "delivery_method": "https://schemas.openid.net/secevent/risc/delivery-method/push",

    "url": "https://receiver.example.com/events”,

    “method": {

        “method”: “https://schemas.openid.net/secevent/risc/delivery-method/push",

        “endpoint_url”: "https://receiver.example.com/events”,

        “authorization_header”: “some-secret-key”

    }

  },

Or, perhaps this makes more sense from the descriptions:
"delivery": {
“method": "https://schemas.openid.net/secevent/risc/delivery-method/push",
“endpoint_url”: "https://receiver.example.com/events”,
“authorization_header”: “some-secret-key”
},

Can you help clarify?
Thanks, Nancy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20210921/3d427789/attachment-0001.html>

More information about the Openid-specs-risc mailing list