[Openid-specs-risc] Proposing two new CAEP event types

Tue Apr 23 00:20:22 UTC 2024

Hi all,
Thanks for your feedback on the new event types through this email thread
and on the meeting on 2/20
<https://hackmd.io/@oidf-wg-sse/wg-meeting-20240220>. I have created a pull
request for the first of the two event types: "Session Established". Please
review:
https://github.com/openid/sharedsignals/pull/154

Thanks,
Atul

On Wed, Feb 14, 2024 at 2:44 PM Atul Tulshibagwale <atul at sgnl.ai> wrote:

> Hi Dean,
> Great points. I've updated the presentation to clarify what the event is
> about, and renamed the event - it is now called "Session Presented"
>
> Thanks for your feedback,
> Atul
>
>
> On Mon, Feb 12, 2024 at 10:24 AM Saxe, Dean <deansaxe at amazon.com> wrote:
>
>> Hi Atul,
>>
>>
>>
>> A few quick comments on the suggested additions:
>>
>>
>>
>> uaf describes a FIDO protocol which has the concept of user presence, so
>> it may be wise to find an alternative claim name to avoid confusion.
>>
>>
>>
>> When you describe user presence, I immediately think about the user
>> presenting an authentication factor that indicates that they are present
>> for the transaction.  For example, presenting an inherence factor
>> (fingerprint) to unlock a FIDO hardware security key (e.g. Yubikey bio) as
>> part of user authentication.  I don’t think this is what you’re trying to
>> communicate with the User Present event.  Can you describe this event in
>> more concrete terms?  There may be a naming collision here, as well, that
>> we should avoid to minimize confusion about what the event type means.
>>
>>
>>
>> Thanks,
>>
>> -dhs
>>
>>
>>
>> *--*
>>
>> *Dean H. Saxe, CIDPRO <https://idpro.org/cidpro/> (he/him)*
>>
>> Senior Security Engineer, AWS Identity Security Team | Amazon Web
>> Services (AWS)
>>
>> E: deansaxe at amazon.com | M: 206-659-7293
>>
>>
>>
>> *From: *Openid-specs-risc <openid-specs-risc-bounces at lists.openid.net>
>> on behalf of Atul Tulshibagwale via Openid-specs-risc <
>> openid-specs-risc at lists.openid.net>
>> *Reply-To: *Atul Tulshibagwale <atul at sgnl.ai>
>> *Date: *Tuesday, February 6, 2024 at 5:45 PM
>> *To: *OpenID RISC List <openid-specs-risc at lists.openid.net>
>> *Subject: *[EXTERNAL] [Openid-specs-risc] Proposing two new CAEP event
>> types
>>
>>
>>
>> *CAUTION*: This email originated from outside of the organization. Do
>> not click links or open attachments unless you can confirm the sender and
>> know the content is safe.
>>
>>
>>
>> Hi all,
>>
>> My colleagues at SGNL and I have come up with new event types that we
>> think will be useful for everyone. They indicate that a user session has
>> been established, and that a user presence has been observed. Please see
>> the attached slides to get an overview. We can discuss this in our next
>> working group meeting.
>>
>>
>>
>> Looking forward to your feedback.
>>
>> Thanks,
>>
>> Atul
>>
>>
>>
>> --
>>
>> [image: Image removed by sender.] <https://sgnl.ai/>
>>
>> Atul Tulshibagwale
>>
>> CTO
>>
>> [image: Image removed by sender.] <https://linkedin.com/in/tulshi>[image:
>> Image removed by sender.] <https://twitter.com/zirotrust>[image: Image
>> removed by sender.] <atul at sgnl.ai>
>>
>>
>>
>

-- 

<https://sgnl.ai>

Atul Tulshibagwale

CTO

<https://linkedin.com/in/tulshi> <https://twitter.com/zirotrust>
<atul at sgnl.ai>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20240422/ce3d5748/attachment.html>