[Openid-specs-risc] Proposing two new CAEP event types

Wed Feb 14 22:44:52 UTC 2024

Hi Dean,
Great points. I've updated the presentation to clarify what the event is
about, and renamed the event - it is now called "Session Presented"

Thanks for your feedback,
Atul

On Mon, Feb 12, 2024 at 10:24 AM Saxe, Dean <deansaxe at amazon.com> wrote:

> Hi Atul,
>
>
>
> A few quick comments on the suggested additions:
>
>
>
> uaf describes a FIDO protocol which has the concept of user presence, so
> it may be wise to find an alternative claim name to avoid confusion.
>
>
>
> When you describe user presence, I immediately think about the user
> presenting an authentication factor that indicates that they are present
> for the transaction.  For example, presenting an inherence factor
> (fingerprint) to unlock a FIDO hardware security key (e.g. Yubikey bio) as
> part of user authentication.  I don’t think this is what you’re trying to
> communicate with the User Present event.  Can you describe this event in
> more concrete terms?  There may be a naming collision here, as well, that
> we should avoid to minimize confusion about what the event type means.
>
>
>
> Thanks,
>
> -dhs
>
>
>
> *--*
>
> *Dean H. Saxe, CIDPRO <https://idpro.org/cidpro/> (he/him)*
>
> Senior Security Engineer, AWS Identity Security Team | Amazon Web Services
> (AWS)
>
> E: deansaxe at amazon.com | M: 206-659-7293
>
>
>
> *From: *Openid-specs-risc <openid-specs-risc-bounces at lists.openid.net> on
> behalf of Atul Tulshibagwale via Openid-specs-risc <
> openid-specs-risc at lists.openid.net>
> *Reply-To: *Atul Tulshibagwale <atul at sgnl.ai>
> *Date: *Tuesday, February 6, 2024 at 5:45 PM
> *To: *OpenID RISC List <openid-specs-risc at lists.openid.net>
> *Subject: *[EXTERNAL] [Openid-specs-risc] Proposing two new CAEP event
> types
>
>
>
> *CAUTION*: This email originated from outside of the organization. Do not
> click links or open attachments unless you can confirm the sender and know
> the content is safe.
>
>
>
> Hi all,
>
> My colleagues at SGNL and I have come up with new event types that we
> think will be useful for everyone. They indicate that a user session has
> been established, and that a user presence has been observed. Please see
> the attached slides to get an overview. We can discuss this in our next
> working group meeting.
>
>
>
> Looking forward to your feedback.
>
> Thanks,
>
> Atul
>
>
>
> --
>
> [image: Image removed by sender.] <https://sgnl.ai/>
>
> Atul Tulshibagwale
>
> CTO
>
> [image: Image removed by sender.] <https://linkedin.com/in/tulshi>[image:
> Image removed by sender.] <https://twitter.com/zirotrust>[image: Image
> removed by sender.] <atul at sgnl.ai>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20240214/e50b1fd0/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Two New CAEP Event Types (1).pdf
Type: application/pdf
Size: 53989 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20240214/e50b1fd0/attachment-0001.pdf>