[Openid-specs-risc] openid/sharedsignals: Comment created on issue 163
github at oidf.org
github at oidf.org
Tue May 14 13:09:10 UTC 2024
openid/sharedsignals event
Issue Comment created on issue 163
Issue Title: Specify expected default behavior of streams with no subjects
https://github.com/openid/sharedsignals/issues/163
Comment: > If a Receiver wishes to get events for all/many subjects, it can exploit the wildcard-like nature of Complex subjects. For instance, if the Receiver adds a Complex subject that specifies a tenant ID and nothing else, then any event for any user on that tenant will be added to the stream. > > ``` > { > "format": "complex", > "tenant: { > "format": "opaque", > "id": "1234567" > } > } > ``` > > To take that ability even further, if the Receiver adds a Complex subject with no additional claims, then any event for _any_ subject would be added to the stream (assuming the Transmitter approves). > > ``` > { > "format": "complex" > } > ``` @FragLegs the above approach will take a dependency on an OPTIONAL add subjects API, in turn making it mandatory for large scale implementations. Another alternative could be to add an OPTIONAL `subject` claim in create + update stream request, similar to `events_requested` which is used to filter out which events are needed by the receiver. This approach will provide flexible way to bootstrap streams with the default subjects. Potentially, we could deprecate add/remove subjects APIs with this approach ``` POST /ssf/stream HTTP/1.1 Host: transmitter.example.com Authorization: Bearer eyJ0b2tlbiI6ImV4YW1wbGUifQo= { "delivery": { "method": "urn:ietf:rfc:8935", "endpoint_url": "https://receiver.example.com/events" }, "events_requested": [ "urn:example:secevent:events:type_2", "urn:example:secevent:events:type_3", "urn:example:secevent:events:type_4" ], "subject": { "format": "email", "email": "example.user at example.com" }, "description" : "Stream for Receiver A using events type_2, type_3, type_4" } ```
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20240514/c3b5d52d/attachment-0001.html>
More information about the Openid-specs-risc
mailing list