Diff: draft-ietf-secevent-token-06.txt -> draft-ietf-secevent-token-07.txt
(text shown once where both drafts agree; differences marked draft-06 / draft-07)
Security Events Working Group                             P. Hunt, Ed.
Internet-Draft                                                  Oracle
Intended status: Standards Track                              M. Jones
Expires: September 5, 2018                                   Microsoft
  (draft-06: September 1, 2018)
                                                            W. Denniss
                                                                Google
                                                             M. Ansari
                                                                 Cisco
                                                         March 4, 2018
                                             (draft-06: February 28, 2018)

Security Event Token (SET)
draft-ietf-secevent-token-07 (previous: draft-ietf-secevent-token-06)
Abstract Abstract
This specification defines the Security Event Token (SET) data
structure. A SET describes a statement of fact from the perspective
of an issuer about the state of a security subject, which is intended
to be shared with one or more recipients. This statement of fact
represents an event that occurred to the security subject. In some
use cases, the security subject may be a digital identity, but SETs
are also applicable to non-identity use cases. A SET is a JSON Web

[skipping to change at page 1, line 43]
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."

This Internet-Draft will expire on September 5, 2018.
(draft-06: September 1, 2018)

Copyright Notice

Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents

[skipping to change at page 15, line 7]
allows (or requires) that the JWT be unsecured, the means by which
the integrity of the JWT is ensured MUST be specified.

Profiling specifications MUST define how the event subject is
identified in the SET, as well as how to differentiate between the
event subject's issuer and the SET issuer, if applicable. It is NOT
RECOMMENDED for profiling specifications to use the "sub" claim in
cases in which the subject is not globally unique and has a different
issuer from the SET itself.
[draft-06 text]
Among the syntax and semantics of SETs that profiling specifications
define is whether and how multiple members of the JSON object that is
the value of the "events" claim are used for SETs conforming to those
profiles.

[draft-07 text]
Among the syntax and semantics of SETs that a profiling specification
may define is whether the value of the "events" claim may contain
multiple members, and what processing instructions are employed in
the single- and multiple-valued cases for SETs conforming to that
profile.

[common to both drafts]
Many valid choices are possible. For instance, some profiles might
allow multiple event identifiers to be present and specify that any
that are not understood by recipients be ignored, thus enabling
extensibility. Other profiles might allow multiple event identifiers
to be present but require that all be understood if the SET is to be
accepted. Some profiles might require that only a single value be
present. All such choices are within the scope of profiling
specifications to define.
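As an added illustration, not part of the draft, the three profile choices listed above (ignore unknown identifiers, require all to be understood, or permit exactly one) expressed as a recipient-side check on the "events" claim of an already-verified SET payload. The policy names, the event identifier URIs and the sample payload are constructed for this example.

```python
# Recipient-side handling of the "events" claim under three profile
# policies. The policy names are constructed here, not spec terms.
IGNORE_UNKNOWN = "ignore-unknown"  # multiple allowed; unknown members skipped
REQUIRE_ALL = "require-all"        # multiple allowed; all must be understood
SINGLE_ONLY = "single-only"        # exactly one member permitted

# Constructed example event identifiers (a profile would define real URIs).
EVENT_A = "https://events.example/a"
EVENT_B = "https://events.example/b"

# Constructed, already signature-verified SET payload (JWT claims set).
SAMPLE_SET = {
    "iss": "https://issuer.example",
    "jti": "constructed-jti-1",
    "iat": 1520121600,
    "aud": "https://recipient.example",
    "events": {EVENT_A: {}, EVENT_B: {"detail": "x"}},
}


def check_events_claim(payload, known_ids, policy):
    """Return (accepted, identifiers_to_process, reason)."""
    events = payload.get("events")
    # The claim value must be a non-empty JSON object keyed by identifier.
    if not isinstance(events, dict) or not events:
        return False, [], "events claim missing, not an object, or empty"
    if any(not isinstance(v, dict) for v in events.values()):
        return False, [], "each events member value must be a JSON object"
    ids = list(events)
    unknown = [i for i in ids if i not in known_ids]
    if policy == SINGLE_ONLY:
        if len(ids) != 1:
            return False, [], "profile permits exactly one event identifier"
        if unknown:
            return False, [], "event identifier not understood"
        return True, ids, "ok"
    if policy == REQUIRE_ALL:
        if unknown:
            return False, [], "not understood: " + ", ".join(unknown)
        return True, ids, "ok"
    if policy == IGNORE_UNKNOWN:
        understood = [i for i in ids if i in known_ids]
        if not understood:
            return False, [], "no understood event identifiers"
        return True, understood, "ok"
    raise ValueError("unknown policy: " + repr(policy))
```

The check runs after JWT validation (signature, "iss", "aud", "iat"); it only decides which event members the recipient acts on.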
Profiling specifications MUST clearly specify the steps that a
recipient of a SET utilizing that profile MUST perform to validate

[skipping to change at page 27, line 14]
Draft 06 - mbj - Changes were as follows:

o Changed "when the event was issued" to "when the SET was issued"
  in the "iat" description, as suggested by Annabelle Backman.

o Applied editorial improvements that improve the consistency of the
  specification that were suggested by Annabelle Backman, Marius
  Scurtescu, and Yaron Sheffer.

[added in draft-07]
Draft 07 - PH - Text refinement to Section 3 proposed by Annabelle
Backman post WGLC
Authors' Addresses

Phil Hunt (editor)
Oracle Corporation
Email: phil.hunt@yahoo.com

Michael B. Jones
Microsoft
End of changes. 6 change blocks; 8 lines changed or deleted, 12 lines changed or added.

This html diff was produced by rfcdiff 1.46. The latest version is available from http://tools.ietf.org/tools/rfcdiff/