<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Times New Roman \(Body CS\)";
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Arial",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1133325718;
mso-list-template-ids:294963864;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style>
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif">Atul,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif">Can we use these scenarios (along with any other examples folks have) to continue the discussion today?
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:12.0pt;font-family:"Arial",sans-serif">#1 “All sessions for this user and device are revoked”<o:p></o:p></span></b></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:Consolas">{<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:Consolas"> "iss": "https://login.microsoft.com/72f988bf-86f1-41af-91ab-2d7cd011db47/",<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:Consolas"> "jti": "756E69717565206964656E746966696572",<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:Consolas"> "iat": 1596468414,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:Consolas"> "aud": "636C69656E745F6964",<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:Consolas"> "events": {<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:Consolas"> "https://schemas.openid.net/secevent/caep/event-type/all-sessions-revoked": {<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:Consolas"> "subject": [<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:Consolas"> {<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:Consolas"> "subject_type": "iss_sub",<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:Consolas"> "iss": "https://login.microsoft.com/72f988bf-86f1-41af-91ab-2d7cd011db47/",<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:Consolas"> "sub": "B82ABEF5-201B-4BDE-A532-F9827089009E" // User UUID<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:Consolas"> },<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:Consolas"> {<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:Consolas"> "subject_type": "iss_sub",<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:Consolas"> "iss": "https://login.microsoft.com/72f988bf-86f1-41af-91ab-2d7cd011db47/",<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:Consolas"> "sub": "208EE704-07BA-4762-B5CF-B45807E5FAA8" // Device UUID<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:Consolas"> }<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:Consolas"> ]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:Consolas"> }<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:Consolas"> }<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:Consolas">}<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:Consolas"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:12.0pt;font-family:"Arial",sans-serif">#2 “All user sessions on this specific device are revoked”<o:p></o:p></span></b></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:Consolas">Same set with different event type?</span><span style="font-family:"Arial",sans-serif"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:Consolas"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-top:12.0pt"><span style="font-family:"Arial",sans-serif"><o:p> </o:p></span></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal" style="margin-bottom:12.0pt"><b><span style="font-size:12.0pt;color:black">From:
</span></b><span style="font-size:12.0pt;color:black">Openid-specs-risc <openid-specs-risc-bounces@lists.openid.net><br>
<b>Date: </b>Friday, July 31, 2020 at 14:08<br>
<b>To: </b>Openid-specs-risc <openid-specs-risc@lists.openid.net><br>
<b>Subject: </b>[Openid-specs-risc] Subject "categories" discussion<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal">Hi all,<o:p></o:p></p>
<div>
<p class="MsoNormal">In the OpenID SSE WG call on July 21st, we discussed at length the need for the "subject category" addition to the subject identifier. The notes from that call are
<a href="https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.google.com%2Fdocument%2Fd%2F1ZFwJJDwwSBNKX35VObClC1ctMbMMuHJtr5qY-7xsLW8%2Fedit%3Fusp%3Dsharing&data=02%7C01%7Ctim.cappalli%40microsoft.com%7C269ebb4c80c040001da808d8357cc0ad%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637318157241464997&sdata=BLHrBxsCR%2Ba4ZjFeYAfsLsg4b5o3CCZwfJgZ%2BFkecs8%3D&reserved=0">
here</a>.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Based on that discussion I would like to propose the following changes in the SSE profile draft and the proposed SSE Event Types draft:<o:p></o:p></p>
</div>
<div>
<ol start="1" type="1">
<li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">
We drop the common claim named "category" from the subject identifiers.<o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">
We specify in the SSE profile spec that individual events may have multiple subject-identifiers if required to disambiguate the subject as being in a specific category. The semantics of combining multiple subject identifiers within an event will always be "AND",
i.e. The subject of the event is identified by the intersection of the subjects identified by each subject identifier.<o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">
In the proposed SSE event types spec, where required, we specify the multiple subject identifiers.<o:p></o:p></li></ol>
<div>
<p class="MsoNormal">Please respond here to discuss. This is relevant to the finalization of the subject identifiers specification in the IETF. I will post a message there based on the conclusion of any discussion here and in our next SSE WG call on 8/4.<o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Thanks,<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Atul<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</div>
</body>
</html>