[Openid-specs-risc] Questions about Subject in SSE events

Tim Cappalli Tim.Cappalli at microsoft.com
Wed Oct 6 20:04:51 UTC 2021


Shayne,

Can we discuss this on the WG call on Tuesday? I agree that this is too ambiguous so let's discuss how to fix the spec text.

Tim

________________________________
From: Openid-specs-risc <openid-specs-risc-bounces at lists.openid.net> on behalf of Shayne Miel (smiel) via Openid-specs-risc <openid-specs-risc at lists.openid.net>
Sent: Wednesday, October 6, 2021 11:55
To: Openid-specs-risc at lists.openid.net <Openid-specs-risc at lists.openid.net>
Subject: [Openid-specs-risc] Questions about Subject in SSE events

I have two questions about how to encode subjects in SSE events:


  1.  In section 3<https://openid.net/specs/openid-sse-framework-1_0-01.html#subject-ids> of the SSE Framework spec it says that a claim of Subject type can have any name and section 3.1 shows an example with "transferrer" as the claim. All of the examples in the CAEP and RISC specs use "subject" as the claim. Should there be something in the specification that enforces the use of "subject" as the claim name? If not, how should receivers know how to parse the event?
  2.  In the CAEP spec the examples all show the subject type indicated with the "format" field, which appears to be correct as described in section 3 of the Subject Identifiers spec<https://datatracker.ietf.org/doc/html/draft-ietf-secevent-subject-identifiers#section-3>. However, in the RISC spec all of the examples show that the subject type is identified with a "subject_type" field. Are the RISC spec examples incorrect?

Shayne Miel
/ Engineering Technical Leader (he, him, his)

smiel at cisco.com

(919) 923-6230

Duo.com<https://duo.com/>


----------
Duo Security is now part of Cisco<https://duo.com/about/press/releases/cisco-completes-acquisition-of-duo-security>.
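
One way a receiver could cope with both ambiguities raised in this thread, shown as an added example that is not part of the original messages or of any OpenID specification: it finds subject-typed claims by their shape rather than by the claim name, and accepts either "format" or "subject_type" as the discriminator. The detection rule, the function names and all sample payloads are assumptions constructed for illustration.

```python
# Assumption: a claim counts as a subject identifier when it is a JSON object
# with a string discriminator under "format" (as in the CAEP examples) or
# "subject_type" (as in the RISC examples). Neither spec defines this rule.
DISCRIMINATORS = ("format", "subject_type")


def as_subject(value):
    """Return a normalized subject dict, or None if value is not subject-shaped."""
    if not isinstance(value, dict):
        return None
    present = [k for k in DISCRIMINATORS if isinstance(value.get(k), str)]
    if not present:
        return None
    # Refuse to guess when both discriminators are present and disagree.
    if len(present) == 2 and value["format"] != value["subject_type"]:
        raise ValueError("conflicting subject discriminators")
    identifier = {k: v for k, v in value.items() if k not in DISCRIMINATORS}
    return {"format": value[present[0]], "discriminator": present[0],
            "identifier": identifier}


def find_subjects(event_payload):
    """Map claim name -> normalized subject for every subject-shaped claim."""
    found = {}
    for claim, value in event_payload.items():
        subject = as_subject(value)
        if subject is not None:
            found[claim] = subject
    return found


# Constructed sample event payloads; all values are illustrative.
CAEP_STYLE = {"subject": {"format": "email", "email": "user@example.com"},
              "event_timestamp": 1633550000}
RISC_STYLE = {"subject": {"subject_type": "iss-sub",
                          "iss": "https://idp.example.com/", "sub": "abc123"}}
OTHER_NAME = {"transferrer": {"format": "email", "email": "old@example.com"},
              "note": "constructed non-subject claim"}

if __name__ == "__main__":
    for name, payload in [("CAEP-style", CAEP_STYLE), ("RISC-style", RISC_STYLE),
                          ("other claim name", OTHER_NAME)]:
        print(name, find_subjects(payload))
```

Recording which discriminator was seen lets a receiver log or reject the non-preferred form once the specs settle on one.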
