<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Thanks Matt. Do you imagine this type of processing of subject?</div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<a href="https://gist.github.com/timcappalli/af55ee6ee5d2ae3f527f47e581178596">SSE Event Subject Processing Example (github.com)</a><br>
</div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
tl;dr</div>
<blockquote style="margin-top:0;margin-bottom:0">
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
if: subject.format exists, process as standalone subject identifier</div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
else if: subject.[keys] are part of the complex subject list, process as complex subject</div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
else: bad subject </div>
</blockquote>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div id="appendonsend"></div>
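<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
The three-way subject check from the tl;dr above, combined with the "subject"/"sub" rules of the quoted section 11.1.2, as an added Python example; it is not code from the thread or from the linked gist. The <code>COMPLEX_MEMBERS</code> list, the strict reading that every key must be a known member, and all function names are assumptions.</div>

```python
# Added example. COMPLEX_MEMBERS is an assumption: the member names the SSE
# Framework draft lists for Complex Subjects; adjust to the draft you implement.
COMPLEX_MEMBERS = frozenset(
    {"user", "device", "session", "application", "tenant", "org_unit", "group"}
)


class BadSubject(ValueError):
    """Subject is neither a Subject Identifier nor a Complex Subject."""


def classify_subject(subject):
    """Return ("simple", format) or ("complex", {member: format})."""
    if not isinstance(subject, dict) or not subject:
        raise BadSubject("subject must be a non-empty JSON object")
    # 1. "format" present: standalone Subject Identifier. It wins even if
    #    complex-subject keys are also present, as in the tl;dr ordering.
    if "format" in subject:
        fmt = subject["format"]
        if not isinstance(fmt, str) or not fmt:
            raise BadSubject('"format" must be a non-empty string')
        return ("simple", fmt)
    # 2. No "format": every key must be a known member (strict reading, an
    #    assumption) and every member must itself be a Subject Identifier.
    unknown = sorted(set(subject) - COMPLEX_MEMBERS)
    if unknown:
        raise BadSubject("bad subject, unexpected keys: %s" % unknown)  # 3.
    members = {}
    for name, value in subject.items():
        kind, fmt = classify_subject(value)
        if kind != "simple":
            raise BadSubject("member %r must carry a format" % name)
        members[name] = fmt
    return ("complex", members)


def event_subject(event_payload, set_claims):
    """Apply the quoted 11.1.2 rules, then classify the subject."""
    if "sub" in set_claims:
        raise BadSubject('JWT "sub" must not appear in a SET with an SSE event')
    if "subject" not in event_payload:
        raise BadSubject('"subject" claim is REQUIRED')
    return classify_subject(event_payload["subject"])


# Constructed sample payload (not from the thread).
SAMPLE = {"subject": {"user": {"format": "email", "email": "user@example.com"},
                      "device": {"format": "opaque", "id": "device-1"}}}
print(event_subject(SAMPLE, {"iss": "https://transmitter.example.com"}))
```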
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> Matt Domsch &lt;matt.domsch@sailpoint.com&gt;<br>
<b>Sent:</b> Thursday, May 20, 2021 15:45<br>
<b>To:</b> Tim Cappalli &lt;Tim.Cappalli@microsoft.com&gt;; openid-specs-risc@lists.openid.net &lt;openid-specs-risc@lists.openid.net&gt;<br>
<b>Subject:</b> RE: Complex Subject Identifiers format member</font>
<div>&nbsp;</div>
</div>
<style>
<!--
@font-face
        {font-family:"Cambria Math"}
@font-face
        {font-family:Calibri}
p.x_MsoNormal, li.x_MsoNormal, div.x_MsoNormal
        {margin:0in;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif}
a:link, span.x_MsoHyperlink
        {color:blue;
        text-decoration:underline}
p.x_xmsonormal, li.x_xmsonormal, div.x_xmsonormal
        {margin:0in;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif}
span.x_EmailStyle24
        {font-family:"Calibri",sans-serif;
        color:windowtext}
.x_MsoChpDefault
        {font-size:10.0pt}
@page WordSection1
        {margin:1.0in 1.0in 1.0in 1.0in}
div.x_WordSection1
        {}
-->
</style>
<div lang="EN-US" link="blue" vlink="purple" style="word-wrap:break-word">
<div class="x_WordSection1">
<p class="x_MsoNormal">That’s clean, easily parseable, and avoids the whole registry problem. Good idea.</p>
<p class="x_MsoNormal">&nbsp;</p>
<div>
<div>
<div>
<div>
<p class="x_MsoNormal"><b><span style="font-size:10.0pt; font-family:'Arial',sans-serif">Matt Domsch</span></b><span style="font-family:'Arial',sans-serif"><br>
</span><i><span style="font-size:9.0pt; font-family:'Arial',sans-serif">VP, Engineering Fellow</span></i><span style="font-size:9.0pt; font-family:'Arial',sans-serif"><br>
<span style="color:#00B5E2"><a href="mailto:matt.domsch@sailpoint.com"><span style="color:#00B5E2">matt.domsch@sailpoint.com</span></a></span></span></p>
<p class="x_MsoNormal"><span style="font-size:9.0pt; font-family:'Arial',sans-serif; color:black">mobile: 512-981-6486</span><span style="font-size:9.0pt; font-family:'Arial',sans-serif; color:#00B5E2">
</span><span style="font-family:'Arial',sans-serif"><br>
</span><b><span style="font-size:8.0pt; font-family:'Arial',sans-serif; color:#00B5E2"><a href="http://www.sailpoint.com/"><span style="color:#00B5E2">www.sailpoint.com</span></a></span></b></p>
<p class="x_MsoNormal">&nbsp;</p>
</div>
</div>
</div>
</div>
<p class="x_MsoNormal">&nbsp;</p>
<div>
<div style="border:none; border-top:solid #E1E1E1 1.0pt; padding:3.0pt 0in 0in 0in">
<p class="x_MsoNormal"><b>From:</b> Tim Cappalli &lt;Tim.Cappalli@microsoft.com&gt; <br>
<b>Sent:</b> Thursday, May 20, 2021 1:57 PM<br>
<b>To:</b> openid-specs-risc@lists.openid.net; Matt Domsch &lt;matt.domsch@sailpoint.com&gt;<br>
<b>Subject:</b> Re: Complex Subject Identifiers format member</p>
</div>
</div>
<p class="x_MsoNormal">&nbsp;</p>
<div>
<p class="x_MsoNormal"><span style="font-size:12.0pt; font-family:'Arial',sans-serif; color:black">Good catch Matt.</span></p>
</div>
<div>
<p class="x_MsoNormal"><span style="font-size:12.0pt; font-family:'Arial',sans-serif; color:black">&nbsp;</span></p>
</div>
<div>
<p class="x_MsoNormal"><span style="font-size:12.0pt; font-family:'Arial',sans-serif; color:black">Could this be as simple as changing 11.1.2 to say "whose value is a Subject Identifier or Complex Subject as defined in section 3.2"?</span></p>
</div>
<div>
<p class="x_MsoNormal"><span style="font-size:12.0pt; font-family:'Arial',sans-serif; color:black">&nbsp;</span></p>
</div>
<div>
<p class="x_MsoNormal"><span style="font-size:12.0pt; font-family:'Arial',sans-serif; color:black">&nbsp;</span></p>
</div>
<div>
<blockquote>
<p class="x_MsoNormal"><i><span style="font-size:12.0pt; font-family:'Arial',sans-serif; color:black">11.1.2.  SSE Event Subject
</span></i></p>
<div>
<p class="x_MsoNormal"><i><span style="font-size:12.0pt; font-family:'Arial',sans-serif; color:black">&nbsp;</span></i></p>
</div>
<div>
<p class="x_MsoNormal"><i><span style="font-size:12.0pt; font-family:'Arial',sans-serif; color:black">   The subject of a SSE event is identified by the "subject" claim</span></i></p>
</div>
<div>
<p class="x_MsoNormal"><i><span style="font-size:12.0pt; font-family:'Arial',sans-serif; color:black">   within the event payload,
<b>whose value is a Subject Identifier.</b>  The</span></i></p>
</div>
<div>
<p class="x_MsoNormal"><i><span style="font-size:12.0pt; font-family:'Arial',sans-serif; color:black">   "subject" claim is REQUIRED for all SSE events.  The JWT "sub" claim</span></i></p>
</div>
<p class="x_MsoNormal"><i><span style="font-size:12.0pt; font-family:'Arial',sans-serif; color:black">   MUST NOT be present in any SET containing a SSE event.</span></i></p>
</blockquote>
</div>
<div class="x_MsoNormal" align="center" style="text-align:center">
<hr size="2" width="98%" align="center">
</div>
<div id="x_divRplyFwdMsg">
<p class="x_MsoNormal"><b><span style="color:black">From:</span></b><span style="color:black"> Openid-specs-risc &lt;<a href="mailto:openid-specs-risc-bounces@lists.openid.net">openid-specs-risc-bounces@lists.openid.net</a>&gt; on behalf of Matt Domsch via Openid-specs-risc
 &lt;<a href="mailto:openid-specs-risc@lists.openid.net">openid-specs-risc@lists.openid.net</a>&gt;<br>
<b>Sent:</b> Tuesday, May 18, 2021 16:05<br>
<b>To:</b> <a href="mailto:openid-specs-risc@lists.openid.net">openid-specs-risc@lists.openid.net</a> &lt;<a href="mailto:openid-specs-risc@lists.openid.net">openid-specs-risc@lists.openid.net</a>&gt;<br>
<b>Subject:</b> [Openid-specs-risc] Complex Subject Identifiers format member</span>
</p>
<div>
<p class="x_MsoNormal">&nbsp;</p>
</div>
</div>
<div>
<div>
<p class="x_xmsonormal">The topic of registries of values came up today, which reminded me…</p>
<p class="x_xmsonormal">&nbsp;</p>
<p class="x_xmsonormal">Complex Subject Identifiers defined in SSE do not have a format member [1], though it’s required by Subject Identifiers [2]. I know we didn’t want to make a huge list of possible combinations of complex subject identifiers.</p>
<p class="x_xmsonormal">Would it suffice to add a format of “complex” to the SI spec, or assign another collision-resistant string here as SI expects (e.g. “format” : “net.openid.sse.siformat.complex”)?</p>
<p class="x_xmsonormal">&nbsp;</p>
<p class="x_xmsonormal">Thanks,</p>
<p class="x_xmsonormal">Matt</p>
<p class="x_xmsonormal">&nbsp;</p>
<p class="x_xmsonormal">[1] <a href="https://bitbucket.org/openid/risc/src/master/openid-sse-framework-1_0.txt">https://bitbucket.org/openid/risc/src/master/openid-sse-framework-1_0.txt</a></p>
<p class="x_xmsonormal">[2] <a href="https://github.com/richanna/secevent/blob/master/draft-ietf-secevent-subject-identifiers.md">https://github.com/richanna/secevent/blob/master/draft-ietf-secevent-subject-identifiers.md</a></p>
</div>
</div>
</div>
</div>
</body>
</html>