IETF Logo Mail Archive

Re: [Id-event] I-D Action: draft-ietf-secevent-subject-identifiers-11.txt

Justin Richer <jricher@mit.edu> Wed, 13 July 2022 16:14 UTC

Return-Path: <jricher@mit.edu>
X-Original-To: id-event@ietfa.amsl.com
Delivered-To: id-event@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7A7CEC15A720 for <id-event@ietfa.amsl.com>; Wed, 13 Jul 2022 09:14:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.103
X-Spam-Level:
X-Spam-Status: No, score=-2.103 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mit.edu
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XKm34mntbyjO for <id-event@ietfa.amsl.com>; Wed, 13 Jul 2022 09:14:29 -0700 (PDT)
Received: from outgoing-exchange-1.mit.edu (outgoing-exchange-1.mit.edu [18.9.28.15]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4DCE8C16ECC5 for <id-event@ietf.org>; Wed, 13 Jul 2022 09:14:28 -0700 (PDT)
Received: from w92exedge3.exchange.mit.edu (W92EXEDGE3.EXCHANGE.MIT.EDU [18.7.73.15]) by outgoing-exchange-1.mit.edu (8.14.7/8.12.4) with ESMTP id 26DGE8rn023603; Wed, 13 Jul 2022 12:14:24 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mit.edu; s=outgoing; t=1657728864; bh=6yJOnmVYCb1wO02R6l3cZRWEsw9Am83RGVdCXMIR9XU=; h=From:To:CC:Subject:Date:References:In-Reply-To; b=MQyD0Q/uC0mKgxbM4uq+O37Tl5eKC9tNvdNBqQ1+CCoqB2MWTstU4WOfLiQkaXua9 BFHxHEC5ycBFKpjBj1wVEEkWgRnmVt6A3RY8PIiQtoCmm7zsYL4swQqfR9Udah5S+J 99/XEujZNaa8zJQTIeCHahLKUCHoWuC5wcZe9DwC9zUfbdfY3qbp5T0b+SriOV/FuR YNlgoAD2cMlmCqt0gX+1vuul6pKVO7wwdoR1jETQziSK09TcslfojIunuqzZNlLxck ZPiFc+9jJhgp/CP8eC+BrGWIq3T4lOJ4tLDB7vXTRTy5t8qs6EhIOcqNsIQebn8KQ3 BXFIpDM9U+5Xw==
Received: from w92expo32.exchange.mit.edu (18.7.74.44) by w92exedge3.exchange.mit.edu (18.7.73.15) with Microsoft SMTP Server (TLS) id 15.0.1497.36; Wed, 13 Jul 2022 12:13:42 -0400
Received: from oc11exhyb5.exchange.mit.edu (18.9.1.110) by w92expo32.exchange.mit.edu (18.7.74.44) with Microsoft SMTP Server (TLS) id 15.0.1497.23; Wed, 13 Jul 2022 12:13:48 -0400
Received: from NAM10-BN7-obe.outbound.protection.outlook.com (104.47.70.104) by oc11exhyb5.exchange.mit.edu (18.9.1.110) with Microsoft SMTP Server (TLS) id 15.0.1497.36 via Frontend Transport; Wed, 13 Jul 2022 12:13:48 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=BDX6gr2e6JyExOIQ8fDEnQmlhV2+QyMUOIjE2LqYCY5jy9JgHA1k8fFKsyDbtxvhDdwTJ9gW5V9DND15QhWuVf5xxrC0pQiTEiJt4UYOwDlyhFD7NsNjFQpz+8A6ugx0rpitVxnv606sccFUtONUC8Znhhx15ncoE8Vwpwz7f13s7sRDCArTTQ/rEwy7urxDG80VikidO/xUqj7nj1tNHWsYVmkSHpOcAhZhlu6fxj5jiKSJdCIDET3x8xl5e5ZVGo8GL2ToFc2UxNV2tuSeU75/pB0Yyh1F9WREKDBRZImUW/RUVGUdJvnFrhGUzr9cy2R68aVFEQMCWyS5D7HuHg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=6yJOnmVYCb1wO02R6l3cZRWEsw9Am83RGVdCXMIR9XU=; b=YyIVj6F26wnotuRbzkDfcrwtg//uZlcRFrwwlDiP8ERjGHcrEZaEaR+KXr90IiG2MdJstz0uwG8bhmIh0qcwmXa3Lez5ifEGQarPNOadnOzW3vCYB9MALgXVkt5NUp993jBT2RDaW0a5b0uTz4Uq76o2cT0zZ1SyVzWwQbCYq/vJxWz7YlWxYY/ES9EilgDf8GMnbb/+WgsvCcFtwx2VeFF7Djw2130UTPonSzi2xAp5JaHZmo48joTqAiwvWEsH48VpFEAfxZ7MK1bi9aLE5BGSeq0VD4TfkLV0xPci2fHP4wJBHTu7r1z5SDBlCUwkMsSoQfkoIsrFkiH9eHkmOQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=mit.edu; dmarc=pass action=none header.from=mit.edu; dkim=pass header.d=mit.edu; arc=none
Received: from DM6PR01MB4444.prod.exchangelabs.com (2603:10b6:5:78::15) by CH0PR01MB6921.prod.exchangelabs.com (2603:10b6:610:102::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5417.20; Wed, 13 Jul 2022 16:13:46 +0000
Received: from DM6PR01MB4444.prod.exchangelabs.com ([fe80::8f2:81b0:dab2:3f49]) by DM6PR01MB4444.prod.exchangelabs.com ([fe80::8f2:81b0:dab2:3f49%6]) with mapi id 15.20.5417.026; Wed, 13 Jul 2022 16:13:46 +0000
From: Justin Richer <jricher@mit.edu>
To: Prachi Jain <prachi.jain1288@gmail.com>
CC: "Backman, Annabelle" <richanna@amazon.com>, "id-event@ietf.org" <id-event@ietf.org>
Thread-Topic: [Id-event] I-D Action: draft-ietf-secevent-subject-identifiers-11.txt
Thread-Index: AQHYVbnqV6/yskMWAUubzgO2iAUFI60C8ZBKgCKzjYCAFEu4gIBBbAIAgAAB7QCAAMroAIAA0e4A
Date: Wed, 13 Jul 2022 16:13:46 +0000
Message-ID: <7781E80F-F81A-4F61-B5A8-DFA71546680C@mit.edu>
References: <165057098708.9791.15663968524996247808@ietfa.amsl.com> <0c05d86964e544818799c817287ebe2e@oc11expo18.exchange.mit.edu> <D881C6F7-5A08-4692-AEF5-54E6B6EC7793@amazon.com> <6056BB4E-5094-4AF5-B2E9-435C4E7C7B3A@mit.edu> <AB291F3C-D908-43D1-99F2-C4E121A5DFA1@mit.edu> <CAA1-vB03xh=CsjbFxWed+zYJ-j9YM9reXwY3HmrB=8BHz_ndEQ@mail.gmail.com> <CAA1-vB3hip0hyegWL7Rm7xNMeAcYJWBtPFFUA3uRT9BcppC+Ag@mail.gmail.com>
In-Reply-To: <CAA1-vB3hip0hyegWL7Rm7xNMeAcYJWBtPFFUA3uRT9BcppC+Ag@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=mit.edu;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 141dace4-6ce4-417b-89b7-08da64eaaa37
x-ms-traffictypediagnostic: CH0PR01MB6921:EE_
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: lbC9tEIXzMwFm6rq57uxl8GbUX/hHbWhOElSQd0zVjlyYY8HRkkNDnoQ7MoUIxjjCt8NmFpNklWciPseveTQO24u/rpLVm0LHn2oGruQdsMpWqUXmJJ8YocrTc7xrny7dM2ms91pWiFZihVWbrgbAaJAYB7U8qoEqutQ327kDjFIi3GcrBSTYM3X6xvayecXwgIyIl6dgf3rFePefEvPBCqrM0IB4rzir4wSw7GqOKP3q7b+bGW6pig0mJimCNvSDxgWngq4aNPVZ2aTgPbHTrsclFWHZIK8qnRtaj4nWoIS52mS/gh89jAsq1wddPtunz738k3a9xAgidC4bzc0cL6SlkbWoPKp94SqQToFJSDkVFL9Tgzm5zWLlzv3W2/PA3lPFEjByMPUi4S2/lQ5T+UCc8IDYrBsuoWhxhnSjTTOVrmrV1sja3lXfhc3DwmthYlbdJ6S3cfd2dK25ykQ8qyUaqDnIWQkEyM0A40A0gZcfstQlNcrQCYl+a/1jA2YZQ0ucWmoa3rXQ5oN0gu2J59fFrmcJHLA6LNO3hKu5pFm8Y+N1yxYqJp9S3WILnSYHHsjiZPAkt0jTflgbGKztmv42RN3EoyeYCo5Qzn2eeKmotZVpjTKSW3PqbE0WG6DpBNgHNL4W/9jnUtfz5b2hofU+EmJYm0qtUsl5Em7n/YRslEKb/njeQEfO2g+ickZYY51HObMn4qHsqPWqWNqADnjFe1TFGBAgdrZlMTCqivWG6tmDEOipXD6u9f8hJElo0k22drV2Z58Zzr9FqIRK9OIHI/k0Bx164vznZ5F8Z4SdfYEk2URlK8O/UeQm+06w73r3JKnJ11ts5YYlAwJE7ONPOhn4pNs3IcmXzpTS5iq3FRpybV8dWWewMYtrezz
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR01MB4444.prod.exchangelabs.com; PTR:; CAT:NONE; SFS:(13230016)(4636009)(39860400002)(396003)(136003)(366004)(376002)(346002)(26005)(30864003)(41320700001)(38100700002)(2906002)(478600001)(36756003)(66556008)(6506007)(53546011)(83380400001)(8936002)(5660300002)(33656002)(75432002)(122000001)(41300700001)(8676002)(4326008)(66574015)(2616005)(166002)(186003)(38070700005)(966005)(76116006)(54906003)(6486002)(6512007)(66946007)(6916009)(786003)(66476007)(91956017)(64756008)(71200400001)(316002)(66446008)(86362001)(579004); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: tL+3vpEuhDdcSkdjp2rqXfjI8uUyN+Vi/OAB7RjbX4917RkmN9flt15HSmuBiDufX2Yy02idUHtwkKvup/N4P3Fy4CEYNX8JjOAxOHp6vGKtkGtKA2LnvaLHY3aC+bdDPYzNQH+rkDYRxGOZPyyqaOTjtRYR24L9Nlkiop3dLl+eLJ8V/4SAbwwF7OlVfzu4THmYx8MNkkHw2V4gZlZjxTxRESqtWkC6LkvMLRspiGs9fkVI/i/zVPLSDgTEdywejJrYF/rRixRlJ0k8JKHBCD2A2ryOFpwR7aFV+bYj3/HX+mB/v7bT+FYX4b+kbfrw59NnRH4S7mSK322+tyvRzoO8ge/fjFdxHEE6yUV+IDUIDadDuweBBuEZNml6yLKuqqEzeJ6ahsqt9j2XaFpTgiUuPrTyd6puBc0sw7xvO5GXVE4yIC+107ceKuZgfuXt/FN3dynjpTteXLix1rsJdpQdWe+PAVv5JhidhiaSUi4nu1SzvC19QdecGFziSpKgIvqeAs5LM3iVLkoNJzw8vM+h+M/1QHnR3UU42KcQ8mI2Oh09tJC8ZSj9Ay9dV7hl/EXh7VYd1DwQrmSpK8+678Lzq7WOa3qUmYm3HHHh5NNf9iROS/Uca3uNmQ/jai0OB3ysoP+H3uoZjqQ17NzGYIb9KIrLa9J1jJowwr3KCVx/2YihFbQpIESkf6ktiYNRJwwwRnZl9UXHH6Og7aXfH1j/8hnz0kCa+H/qIx7TxBmwnCTdRM1ocPSJO27vjrYQ7hDMB/wtnc+sk5HUqI4R4Qxlmb8yJ4soU//HgtxhDMgdTw5tQMgrv3zKQWrTYI9zevjAYiwmQHgw0n69uSNkg5Q8BEjphzCSMJV3oBm3gD7966ZmwX4knfLwO0TYqOARqMvgChzlp8ujlEStzFSVSp78w2EnFb/9Ii1gHxRyp0sAKvfJg2ZA8nT5PyK4D5TzTgUGgVt3gULVKmsvYCXNKCuf80QGEScOQvq/LbNCS8rTgsoIpDhJp0Z1s4S+JzQNPpH3K2xNG7NCYklTQH2++KdkxMUiaZrw7s2QgetFyj9KxSlmiLcjzSTrBnkhGBH2uK1iPQpnEKyOK2ggnM3PBcZ7WTq52apkAwGX9LKljxeXjvqdIPxfJsz1+H6e0blKHvWqnWsi7mxfg04jLLuhY37J07aOahN6pNsj08NE7jbstWm534HzZYDBSrNzFFVM/Z2hvqPgHo6OKtyWv9WTG2tYeAO2Hnn7QKsKqudP678zI25r9dfUCwn+TV6CdyYXvP71jwmlKUj0Qpc4siDJiIDH1IgFSJzSRqrXTKwzynfWpKNeMuTF76j7zPnuPhx21EZK/rrpa4B7jI0iaQc882qGyY/aiVyn200Ax4Stl9UfvxId7ENZxQ5zpKt9fk73zmjywhSWLZRcd5wP9YBXwJ2XivUN5mLDg62L8/hQbYBSdt4sQl4YbvjfHPHWh0jRjoL1mpcYROzaeAjYaSla93Gypro0f15GtksMF1YzOdsHtpbR2x+xKe/zD3kJP7qHpmD1XbxhP5azvKxuRp+BVXsa8l/wtkwD1CllQUdsyzNZxbmmmrdY/qCVF9KcLQeF
Content-Type: multipart/alternative; boundary="_000_7781E80FF81A4F61B5A8DFA71546680Cmitedu_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM6PR01MB4444.prod.exchangelabs.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 141dace4-6ce4-417b-89b7-08da64eaaa37
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Jul 2022 16:13:46.7081 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 5ykk4v8X3IY614t/zWJpR7UuzREpQvOIbMF0dkA0RTKSqX9uF4lgG+ZmjZM3Gs4l
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH0PR01MB6921
X-OriginatorOrg: mit.edu
Archived-At: <https://mailarchive.ietf.org/arch/msg/id-event/1MGbgBYGL5-j8l881D3Py4M-2GU>
Subject: Re: [Id-event] I-D Action: draft-ietf-secevent-subject-identifiers-11.txt
X-BeenThere: id-event@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "A mailing list to discuss the potential solution for a common identity event messaging format and distribution system." <id-event.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/id-event>, <mailto:id-event-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/id-event/>
List-Post: <mailto:id-event@ietf.org>
List-Help: <mailto:id-event-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/id-event>, <mailto:id-event-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Jul 2022 16:14:32 -0000

Prachi,

It’s unfortunate that you don’t have access to Annabelle’s GitHub repository, but hopefully she can get you added. If not, you can always fork the repository and keep the code there if she’s unavailable to add you to the permissions list. Additionally, you can take the XML file and upload it as a new version directly, without merging it in GitHub (though having a record in GitHub is preferable).

 — Justin

On Jul 12, 2022, at 11:42 PM, Prachi Jain <prachi.jain1288@gmail.com<mailto:prachi.jain1288@gmail.com>> wrote:

Hi Justin,

Your changes look good to me and I created another PR<https://github.com/richanna/secevent/pull/9> incorporating your updates and some. Again thank you for creating the PR. I cannot merge since I don't have write access to the repo.
@Backman, Annabelle<mailto:richanna@amazon.com>  Can you please review and merge the changes? I will publish draft-12 as soon as datatracker opens.


-Prachi



On Tue, Jul 12, 2022 at 10:36 AM Prachi Jain <prachi.jain1288@gmail.com<mailto:prachi.jain1288@gmail.com>> wrote:
Thanks for submitting the PR, Justin. Appreciate it !!
I will take a look later today and publish if no changes need to be made.

-Prachi

On Tue, Jul 12, 2022 at 10:30 AM Justin Richer <jricher@mit.edu<mailto:jricher@mit.edu>> wrote:
I haven’t heard anything from the editors on this, so I went ahead and created a PR to restore the DID language that was accepted during WGLC, as well as add a generic URI format, as discussed in the email thread below.

https://github.com/richanna/secevent/pull/8

I would encourage the editors to accept this change and publish a new version once the datatracker opens again, and hopefully we can move this document forward to its next review stages.

 — Justin

On May 31, 2022, at 4:25 PM, Justin Richer <jricher@mit.edu<mailto:jricher@mit.edu>> wrote:

Annabelle and I have had a chance to discuss this directly, but I wanted to take a moment to record my response here for the group as well. I believe we now understand each other that the `did` format should be restored, alongside a generic `uri` format, with overall guidance on where and how to use each. Namely, use the most specific semantically appropriate format that you can. The reasons for my stance, and what I believe are the conclusions we agreed to, are discussed inline below:

On May 18, 2022, at 6:29 PM, Backman, Annabelle <richanna@amazon.com<mailto:richanna@amazon.com>> wrote:

There appear to be some issues with -11:

  1.  The definition for `did` was removed, but not the `did` entry in the format registry
  2.  No replacement `url` format was added.

Justin, my understanding is that your concerns are directed at the proposal to replace `did` with `url`, and thus would not be addressed by adding the missing `url` format. Is that correct? Assuming that is the case...

My concerns with the removal of `did` would NOT be addressed by the addition of a generic `url` or `uri` format. The primary reason for this, and to me a primary driver for the subject identifiers work, is that the subject identifier format defines not only the syntax of the identifier but also its semantic content. I do not believe that it is appropriate to remove the semantic information from the format and push it all down into the lower layer.


Replacing `did` with `url` doesn't push the semantic information anywhere; the semantic information is there in the lower layer already. Having a separate `did` format pulls that information up into the subject identifier format layer, encoding the same information twice. That significantly complicates processing and could hurt interoperability.

In fact, it does the opposite. One could make the argument that because we have “mailto:” URLs (rfc2368) and “tel:” URLs (rfc3966) then we don’t actually need the `email_address` or `phone_number` formats either, since we could just encode all that in the URL itself. And then there’s no need for an `opaque` because you could easily use a `urn` to solve that problem. Even the issuer/subject pair COULD be formatted as a single URL, if someone just sat down and made a syntax for it (and people argued for exactly that in OIDC, but it didn’t get anywhere).

So, in that world, why even bother with the subject identifiers? Let me tell you why:

When I’m creating a subject identifier block in my application, I know what kind of identifier it is. I want to tell the receiver that I specifically know what kind of identifier it is. The syntax for formatting the identifier itself is incidental to this — particularly if that syntax is itself a URL.


Consider the scenario where we have both `url` and `did` format types. An issuer might encode a DID using either format type; do processors that expect DIDs need to support both? If so then we've just made their lives harder. More likely, some would support both and some wouldn't, leading to unnecessary pain for parties that have to interoperate across processors and/or issuers.

We’d expect to use `did` here. I would not expect a processor to support both formats if they’re specifically looking for DIDs.

Now consider the scenario where we just have `url`. A processor that accepts DID URLs (possibly alongside other non-URL identifier formats) and no other URL types will see the `url` format, assume the value is a DID, and attempt to validate it or otherwise process it as a DID. Note that this step is necessary even if we have a `did` format, as it's always possible that the issuer provided a malformed subject identifier. Likewise, a processor that expects some other type of URL (e.g., an https URL) will have to parse the URL and confirm it has the expected scheme, and depending on the use case may also need to apply other security checks (e.g., matching against allowed origins, ensuring that the URL doesn't contain a username or password, etc.).

This is exactly why we shouldn’t have just `url` without other layers. If I’m processing a URL as an identifier, I may or may not want to do specific things with that URL. Or it might simply just be an identifier string, like someone’s homepage. I would be much more comfortable if the `url` format did not have any additional processing implied, but that more specific formats could require such processing, as you’d expect a DID to do in most cases.

I think the malformed subject identifier example is a strawman - any identifier could be “malformed”. But instead of allowing the processor to have a much more limited check of “is this a DID?”, we now have to have a wider check of “is this a URL, is it a kind I know how to process, and is there more processing that I need to do with it?”, and that’s where all of the problems in the above example come in to play.


In the case where a processor accepts both DIDs and some other type of URL, they have to parse and validate the URL and then branch based on the scheme, instead of just branching based on the identifier format.

Could a processor figure out that there was a DID url inside of a `url` block? Sure — but those are semantically different identifiers, just like if I had put a `mailto:` URL inside of a `url` block, I would not expect that to be treated with any particular equivalence to the same email address in an `email_address` block. And I think the draft can actually be explicit about that distinction:

 - there’s no guarantee of equivalence between the information in different formats
 - you should use the most specific format for the information you’re trying to convey


Are there other scenarios where the issuer or processor encounters more significant pain if we just have `url` versus if we have `url` and `did`?

Yes, I think the entire act of punting everything to the lower layer causes nothing BUT pain. This confusion stems from the fact that both URIs and the subject identifier formats both specify some level of semantic and syntactic constraint. However, mixing them in the way proposed is deeply problematic and would be disastrous in practice.

As such, the subject identifiers format should continue to provide semantic information about its contents, just like it has in the past before draft -10, and not simply turn into a meaningless way to put URLs into a JSON object.

 — Justin


—
Annabelle Backman (she/her)
richanna@amazon.com<mailto:richanna@amazon.com>




On Apr 26, 2022, at 5:36 PM, Justin Richer <jricher@mit.edu<mailto:jricher@mit.edu>> wrote:

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.



I strongly disagree with the editor's removal of "did" from the spec and the reasons for doing so.pushing the semantic information off into a lower layer is not helpful in terms of complexity nor application. Now an application will need to parse the various url's to know what they are instead of being told in the data structure what's in there.

-Justin
________________________________________
From: Id-event [id-event-bounces@ietf.org<mailto:id-event-bounces@ietf.org>] on behalf of internet-drafts@ietf.org<mailto:internet-drafts@ietf.org> [internet-drafts@ietf.org<mailto:internet-drafts@ietf.org>]
Sent: Thursday, April 21, 2022 3:56 PM
To: i-d-announce@ietf.org<mailto:i-d-announce@ietf.org>
Cc: id-event@ietf.org<mailto:id-event@ietf.org>
Subject: [Id-event] I-D Action: draft-ietf-secevent-subject-identifiers-11.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Security Events WG of the IETF.

       Title           : Subject Identifiers for Security Event Tokens
       Authors         : Annabelle Backman
                         Marius Scurtescu
                         Prachi Jain
       Filename        : draft-ietf-secevent-subject-identifiers-11.txt
       Pages           : 22
       Date            : 2022-04-21

Abstract:
  Security events communicated within Security Event Tokens may support
  a variety of identifiers to identify subjects related to the event.
  This specification formalizes the notion of subject identifiers as
  structured information that describe a subject, and named formats
  that define the syntax and semantics for encoding subject identifiers
  as JSON objects.  It also defines a registry for defining and
  allocating names for such formats, as well as the sub_id JSON Web
  Token (JWT) claim.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-secevent-subject-identifiers/

There is also an htmlized version available at:
https://datatracker.ietf.org/doc/html/draft-ietf-secevent-subject-identifiers-11

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-secevent-subject-identifiers-11


Internet-Drafts are also available by rsync at rsync.ietf.org<http://rsync.ietf.org/>::internet-drafts


_______________________________________________
Id-event mailing list
Id-event@ietf.org<mailto:Id-event@ietf.org>
https://www.ietf.org/mailman/listinfo/id-event

_______________________________________________
Id-event mailing list
Id-event@ietf.org<mailto:Id-event@ietf.org>
https://www.ietf.org/mailman/listinfo/id-event


_______________________________________________
Id-event mailing list
Id-event@ietf.org<mailto:Id-event@ietf.org>
https://www.ietf.org/mailman/listinfo/id-event

_______________________________________________
Id-event mailing list
Id-event@ietf.org<mailto:Id-event@ietf.org>
https://www.ietf.org/mailman/listinfo/id-event

v2.23.0 | Report a Bug | By Email