<div dir="ltr">Hi all,<div>I have decided to go on vacation on Monday and Tuesday, so I won't be able to attend the call. Here's my view on this topic:</div><div><br></div><div>Each event type can specify which fields within the event have the format of a subject. The field names need not be limited to being "subject". So if there is an event (and there is none right now) which needs multiple fields that have the format of a subject, they can do so by naming the fields appropriately.</div><div><br></div><div>Thanks,</div><div>Atul</div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Oct 6, 2021 at 1:05 PM Tim Cappalli via Openid-specs-risc <<a href="mailto:openid-specs-risc@lists.openid.net">openid-specs-risc@lists.openid.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">

<div dir="ltr">

<div style="font-family:Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">

Shayne,</div>

<div style="font-family:Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">

<br>

</div>

<div style="font-family:Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">

Can we discuss this on the WG call on Tuesday? I agree that this is too ambiguous so let's discuss how to fix the spec text.</div>

<div style="font-family:Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">

<br>

</div>

<div style="font-family:Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">

Tim</div>

<div id="gmail-m_2342777779360671125appendonsend"></div>

<div style="font-family:Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">

<br>

</div>

<hr style="display:inline-block;width:98%">

<div id="gmail-m_2342777779360671125divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>From:</b> Openid-specs-risc <<a href="mailto:openid-specs-risc-bounces@lists.openid.net" target="_blank">openid-specs-risc-bounces@lists.openid.net</a>> on behalf of Shayne Miel (smiel) via Openid-specs-risc <<a href="mailto:openid-specs-risc@lists.openid.net" target="_blank">openid-specs-risc@lists.openid.net</a>><br>

<b>Sent:</b> Wednesday, October 6, 2021 11:55<br>

<b>To:</b> <a href="mailto:Openid-specs-risc@lists.openid.net" target="_blank">Openid-specs-risc@lists.openid.net</a> <<a href="mailto:Openid-specs-risc@lists.openid.net" target="_blank">Openid-specs-risc@lists.openid.net</a>><br>

<b>Subject:</b> [Openid-specs-risc] Questions about Subject in SSE events</font>

<div> </div>

</div>

<div dir="ltr">

<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">

I have two questions about how to encode subjects in SSE events:</div>

<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">

<br>

</div>

<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">

<ol>

<li>In <a href="https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fopenid.net%2Fspecs%2Fopenid-sse-framework-1_0-01.html%23subject-ids&data=04%7C01%7Ctim.cappalli%40microsoft.com%7C031e210f95bf46b81f6308d988e1c807%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637691326519039191%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=%2BDyIRsBk%2FV4W9U%2BGq%2F2YF7QVh2zbl7xsGqa43yK42Ss%3D&reserved=0" title="https://openid.net/specs/openid-sse-framework-1_0-01.html#subject-ids" target="_blank">

section 3</a> of the SSE Framework spec it says that a claim of Subject type can have

<i>any</i> name and section 3.1 shows an example with "transferrer" as the claim. All of the examples in the CAEP and RISC specs use "subject" as the claim. Should there be something in the specification that enforces the use of "subject" as the claim name?

 If not, how should receivers know how to parse the event?</li><li>In the CAEP spec the examples all show the subject type indicated with the "format" field, which appears to be correct as described in

<a href="https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-ietf-secevent-subject-identifiers%23section-3&data=04%7C01%7Ctim.cappalli%40microsoft.com%7C031e210f95bf46b81f6308d988e1c807%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637691326519049190%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=SGwJ2ESR2VRMhAZtmZPYGoC22LY7SSshYxVFADoJ7R4%3D&reserved=0" title="https://datatracker.ietf.org/doc/html/draft-ietf-secevent-subject-identifiers#section-3" target="_blank">

section 3 of the Subject Identifiers spec</a>. However, in the RISC spec all of the examples show that the subject type is identified with a "subject_type" field. Are the RISC spec examples incorrect? </li></ol>

</div>

<div>

<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">

<br>

</div>

<div id="gmail-m_2342777779360671125x_Signature">

<div>

<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">

<table style="box-sizing:border-box;border-collapse:collapse;border-spacing:0px;max-width:100%;color:rgb(51,51,51);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:12px;text-align:start">

<tbody style="box-sizing:border-box">

<tr style="box-sizing:border-box">

<td width="50" style="box-sizing:border-box"><img width="50" height="50" style="box-sizing: border-box; vertical-align: middle; display: block;" src="https://duo.com/assets/img/email/duo-logo-email-signature.gif"></td>

<td width="10" style="box-sizing:border-box"><img width="10" height="50" style="box-sizing: border-box; vertical-align: middle; display: block;" src="https://duo.com/assets/img/email/spacer.gif"></td>

<td style="box-sizing:border-box">

<div style="box-sizing:border-box;margin:0px;font-family:Helvetica,sans-serif;display:inline">

<strong style="box-sizing:border-box;font-weight:bold;display:inline">Shayne Miel</strong><span> </span>

<div style="box-sizing:border-box;margin:0px;display:inline"><span style="box-sizing:border-box;color:rgb(153,153,153)">/</span><span> </span><span style="box-sizing:border-box">Engineering Technical Leader (he, him, his)</span></div>

<div style="box-sizing:border-box;margin:0px;display:inline"><br style="box-sizing:border-box">

<a href="mailto:smiel@cisco.com" style="box-sizing:border-box;color:rgb(99,178,70)" target="_blank">smiel@cisco.com</a></div>

<div style="box-sizing:border-box;margin:0px;display:inline"><br style="box-sizing:border-box">

<span style="box-sizing:border-box"><a href="tel:(919)%20923-6230" value="+19199236230" target="_blank">(919) 923-6230</a></span><span style="box-sizing:border-box"></span></div>

<div style="box-sizing:border-box;margin:0px;display:inline"><br style="box-sizing:border-box;display:inline">

<a href="https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fduo.com%2F&data=04%7C01%7Ctim.cappalli%40microsoft.com%7C031e210f95bf46b81f6308d988e1c807%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637691326519049190%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=2W7klgTC%2FSuVxtmZaMxlnpWtlh43rALQii6HSUNsHvg%3D&reserved=0" style="box-sizing:border-box;color:rgb(99,178,70)" target="_blank">Duo.com</a></div>

</div>

</td>

<td style="box-sizing:border-box"><img width="1" height="50" style="box-sizing: border-box; vertical-align: middle; display: block;" src="https://duo.com/assets/img/email/spacer.gif"></td>

</tr>

<tr style="box-sizing:border-box">

<td colspan="4" style="box-sizing:border-box">

<div style="box-sizing:border-box;margin:0px;display:inline"><br style="box-sizing:border-box">

<span style="box-sizing:border-box;display:inline">----------<br style="box-sizing:border-box">

Duo Security is<span> </span><a href="https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fduo.com%2Fabout%2Fpress%2Freleases%2Fcisco-completes-acquisition-of-duo-security&data=04%7C01%7Ctim.cappalli%40microsoft.com%7C031e210f95bf46b81f6308d988e1c807%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637691326519059181%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=eIVqc4Ou%2Buyra%2FUm2nrsLLn4EC8%2BTSItPin4xVEbsiQ%3D&reserved=0" style="box-sizing:border-box;color:rgb(99,178,70)" target="_blank">now

 part of Cisco</a>.</span></div>

</td>

</tr>

</tbody>

</table>

<br>

</div>

</div>

</div>

</div>

</div>

</div>

_______________________________________________<br>

Openid-specs-risc mailing list<br>

<a href="mailto:Openid-specs-risc@lists.openid.net" target="_blank">Openid-specs-risc@lists.openid.net</a><br>

<a href="http://lists.openid.net/mailman/listinfo/openid-specs-risc" rel="noreferrer" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-risc</a><br>

</blockquote></div>