[Openid-specs-risc] openid/sharedsignals: New Issue opened
github at oidf.org
github at oidf.org
Wed Apr 24 05:10:19 UTC 2024
openid/sharedsignals event
Issue opened
Issue Title: Update CAEP & RISC Events and SSF Docs with txn claim
https://github.com/openid/sharedsignals/issues/157
The `txn` claim is called out as optional on RFC 8417 but is not referenced on CAEP / RISC Events or in the general SSF documentation. With the new CAEP Event being introduced, `session established`, it feels like introducing `txn` now is the right time before v1 is established. This speaks to how a transmitter(SST) and receiver(SSR) can co-op using a standard JWT claim. SST -> session revoked CAEP Event -> SSR with txn: 123. The SSR that received the SET can then send back, acting as a SST, a session revoked event to the Transmitter which is now acting as a SSR. This is a good example of auditing and accounting practices. This also helps inform a SST that the signals it is emititng to the SSR's are still accurate and not subjective noise to a SSR (i.e. the underlying data powering the SST is valid and accurate...which is important). Would like to update the open-id-caep-spec (Sections 2 and 3), open-id-risc-spec (Sections 2 and 3) and open-id-sharedsignals-framework-1.0 (Section 5) md files. In the events I think we would want to call out the specifics to use the `txn` claim and not have it optional for _all_ events.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20240424/e4955d38/attachment.html>
More information about the Openid-specs-risc
mailing list