[Openid-specs-risc] Question on delivery methods
Tim Cappalli
Tim.Cappalli at microsoft.com
Fri Aug 19 14:14:05 UTC 2022
Thanks Phil! We will discuss on the next WG call.
tim
From: Phillip Hunt <phil.hunt at independentid.com>
Date: Thursday, August 18, 2022 at 19:06
To: Tim Cappalli <Tim.Cappalli at microsoft.com>
Cc: OpenID RISC List <openid-specs-risc at lists.openid.net>
Subject: Re: [Openid-specs-risc] Question on delivery methods
Tim,
I’m not sure what you mean by “I don't believe the secevent RFCs say how they should be referenced”. They would never do that.
Inside the stream configuration which is entirely within the SSEF, I think you can reference any way you want.
The confusion I had was that https://schemas.openid.net/secevent/risc/delivery-method/push<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fschemas.openid.net%2Fsecevent%2Frisc%2Fdelivery-method%2Fpush&data=05%7C01%7CTim.Cappalli%40microsoft.com%7C25b171c7399b4f048d4508da816e49c8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637964607945199780%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=eiNcQw3t3n%2BzIBD%2F3Nl5Tg2AME4KA3UAdXxrZ9XPWIU%3D&reserved=0> suggested an entirely different method than RFC8935. If that’s not the intention, then just use RFC8935 or "https://www.rfc-editor.org/rfc/rfc8935.txt<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.rfc-editor.org%2Frfc%2Frfc8935.txt&data=05%7C01%7CTim.Cappalli%40microsoft.com%7C25b171c7399b4f048d4508da816e49c8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637964607945199780%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=dSPIJ6xNXM1zdb6C4UEQ92qDoqNDLm50GM1RhqxAPAo%3D&reserved=0>”. The rfc-editor link would be considered the authoritative link for an RFC.
The openid specific URI had given me the impression openid was doing yet another delivery method than the IETF specs (which of course I could not find).
Phillip Hunt
@independentid
phil.hunt at independentid.com<mailto:phil.hunt at independentid.com>
On Aug 18, 2022, at 11:56 AM, Tim Cappalli <Tim.Cappalli at microsoft.com<mailto:Tim.Cappalli at microsoft.com>> wrote:
Hey Phil – thanks for bringing this up. I don't believe the secevent RFCs say how they should be referenced.
Are you suggesting we should reference the RFC numbers instead of URIs?
Tim
From: Openid-specs-risc <openid-specs-risc-bounces at lists.openid.net<mailto:openid-specs-risc-bounces at lists.openid.net>> on behalf of Phillip Hunt via Openid-specs-risc <openid-specs-risc at lists.openid.net<mailto:openid-specs-risc at lists.openid.net>>
Date: Thursday, August 18, 2022 at 14:28
To: OpenID RISC List <openid-specs-risc at lists.openid.net<mailto:openid-specs-risc at lists.openid.net>>
Subject: [Openid-specs-risc] Question on delivery methods
Looking at the shared signals framework spec (https://openid.net/specs/openid-sse-framework-1_0-ID1.html<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fopenid.net%2Fspecs%2Fopenid-sse-framework-1_0-ID1.html&data=05%7C01%7CTim.Cappalli%40microsoft.com%7C25b171c7399b4f048d4508da816e49c8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637964607945199780%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=1%2BJnCoOS%2FxJTgs9IyQtMozyRntJDX4h%2B806M7rx80tY%3D&reserved=0>),
I noticed the delivery methods are not RFC8935/8936 (as per the SECEVENTS specs) but instead are:
https://schemas.openid.net/secevent/risc/delivery-method/push<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fschemas.openid.net%2Fsecevent%2Frisc%2Fdelivery-method%2Fpush&data=05%7C01%7CTim.Cappalli%40microsoft.com%7C25b171c7399b4f048d4508da816e49c8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637964607945199780%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=eiNcQw3t3n%2BzIBD%2F3Nl5Tg2AME4KA3UAdXxrZ9XPWIU%3D&reserved=0>
https://schemas.openid.net/secevent/risc/delivery-method/poll<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fschemas.openid.net%2Fsecevent%2Frisc%2Fdelivery-method%2Fpoll&data=05%7C01%7CTim.Cappalli%40microsoft.com%7C25b171c7399b4f048d4508da816e49c8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637964607945199780%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=eidwdfl4jblZpf0piywCTJOQFYU3xoKi9l2yS4B%2BuB8%3D&reserved=0>
Is there a difference between these methods and RFC8935, RFC8936? If they are different, is there a specification for these methods? Near as I can tell, the CISCO shared signals implementation is the same.
Thanks,
Phillip Hunt
@independentid
phil.hunt at independentid.com<mailto:phil.hunt at independentid.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20220819/8dbc0598/attachment-0001.html>
More information about the Openid-specs-risc
mailing list