
Secevent Status Pages

Security Events (Active WG)
Sec Area: Roman Danyliw, Benjamin Kaduk | 2016-Oct-28 —  

2020-01-10 charter

Security Events (secevent)


 Current Status: Active

 Chairs:
     Dick Hardt <dick.hardt@gmail.com>
     Yaron Sheffer <yaronf.ietf@gmail.com>

 Security Area Directors:
     Roman Danyliw <rdd@cert.org>
     Benjamin Kaduk <kaduk@mit.edu>

 Security Area Advisor:
     Benjamin Kaduk <kaduk@mit.edu>

 Mailing Lists:
     General Discussion: id-event@ietf.org
     To Subscribe:       https://www.ietf.org/mailman/listinfo/id-event
     Archive:            https://mailarchive.ietf.org/arch/browse/id-event/

Description of Working Group:

  Many HTTP web services and APIs depend on a web security infrastructure that:
    * identifies security subjects and regulates their access to services
    * and provides profile and rights information to applications.

  Examples are systems that leverage user-agent session cookies
  (RFC6265), and OAuth2 (RFC6749). In order to prevent or mitigate
  security risks, or to provide out-of-band information as
  necessary, these systems need to share security event messages.
  For example, an OAuth authorization server, having received a
  token revocation request (RFC7009) may need to inform affected
  resource servers; a cloud provider may wish to inform another
  cloud provider of suspected fraudulent use of identity
  information; an identity provider may wish to signal a session
  logout to a relying party and does not wish to rely solely upon
  clearing a session cookie.

  It is expected that several identity and security working groups and
  organizations will use Identity Event Tokens to describe area-specific
  events such as: SCIM Provisioning Events, OpenID RISC Events, and
  OpenID Connect Backchannel Logout, among others.

  The Security Events working group will produce a standards-track Event
  Token specification that includes:
   - A JWT extension for expressing security events
   - A syntax that enables event-specific data to be conveyed
  This Event Token specification will be event transport independent.

  The working group will also develop a simple standards-track Event
  Delivery specification that includes:
   - A mechanism for delivering events using HTTP POST (push)
   - Metadata for describing event feeds
   - Methods for subscribing to and managing event feeds
   - Methods for validating event feed subscriptions

Goals and Milestones:
  Nov 2017 - WG last call of event delivery draft
  Jan 2018 - Event delivery draft to IESG as a Proposed Standard
  Mar 2018 - Recharter or Conclude
  Done     - Initial adoption of event token and event delivery drafts
  Done     - WG last call of event token draft
  Done     - Event token draft to IESG as a Proposed Standard
