IETF Logo Mail Archive

Re: [Id-event] RFC 9493 on Subject Identifiers for Security Event Tokens

Atul Tulshibagwale <atul@sgnl.ai> Tue, 12 December 2023 20:58 UTC

Return-Path: <atul@sgnl.ai>
X-Original-To: id-event@ietfa.amsl.com
Delivered-To: id-event@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CA994C14F5EE for <id-event@ietfa.amsl.com>; Tue, 12 Dec 2023 12:58:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.905
X-Spam-Level:
X-Spam-Status: No, score=-6.905 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sgnl-ai.20230601.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZmiJR2D-LwEf for <id-event@ietfa.amsl.com>; Tue, 12 Dec 2023 12:58:32 -0800 (PST)
Received: from mail-pl1-x631.google.com (mail-pl1-x631.google.com [IPv6:2607:f8b0:4864:20::631]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C8450C14F5EC for <id-event@ietf.org>; Tue, 12 Dec 2023 12:58:32 -0800 (PST)
Received: by mail-pl1-x631.google.com with SMTP id d9443c01a7336-1d08a924fcfso57399685ad.2 for <id-event@ietf.org>; Tue, 12 Dec 2023 12:58:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sgnl-ai.20230601.gappssmtp.com; s=20230601; t=1702414711; x=1703019511; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=QjWPN4RsUzFjIyzRyVFngvu7WThEiAfBuD128IH0704=; b=bovlGcTBKB1gN6B/tsbK49MIi5/CWmjf2MDqkzrDKYU9MxtHxljHwmdCwP99ppNHXv tAYON8xl5T2yNXr5iib0yqVftZJGIGBxQJSpT72pJEDPpZYJgBa/ndhNcDE/EXHUYwSK 19x84dxbwln4yQU+ah6oMJINjBFnfaV0ZKgKOSMefP5zM62eVUJpuiOr3raMMywQTrpc o0kMBPds/PjyqLAnM3dd299ZT9DNAzP/0qCJNpCG8tvZtFrDhYngRRKtwzPmaCeDVLMH oAdx8W50WjwB7kgpWgjY64Uf4QsEgk/NobmXwnUSSYjAY5DiHjVD0lYUwNS4yyANQQq+ PTKg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1702414711; x=1703019511; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=QjWPN4RsUzFjIyzRyVFngvu7WThEiAfBuD128IH0704=; b=lG09tvEmCr0v3V7Rvs7n6VLc9zYPYB0K+h7Azt7S73hMpoyKsMuCzNIlRZqLCErCJB awjflPI8tueox8oQ4wsqdBfYFSL2Fh0A+6iNqutOr88P7KURmbkeVXYA98SxhAkcYI+X u2h8bcslf2GAgPpEE8y02yPqgj19AYI6YogIuendLtBg2hmwBh/tzr3XxFkLAVhyxGTv XzsJoJmuhiTNV90MYe2wb1sRT5KeR6RDKiKFLNkGUB1EW643Roe51TGIkBt4qd9dkbR7 w185IycP83c7dIN2jpWb/Q0hc8uzWyCI3eZSyWumOYqI4QkcHTJDo3fx5zwWf/10XZmK AEEw==
X-Gm-Message-State: AOJu0Yx19F1pFKPtf6fWY8qz3eEjls4BGg3SL2aOAfGvYW6a4MIJXHUc DUknYElFHzf+8qsfXdS6VtovmnB1Q/BmVq34OSt6n3jtF6dZFGfBFXk=
X-Google-Smtp-Source: AGHT+IESFwL7Jj56Jv1npYzBM7VWuo27gA6pMw/71E2eI3V98kRGBzUwfAGvFM9MEDrxMLjym8sM1FDfUH6W/bw8DKg=
X-Received: by 2002:a17:902:e54a:b0:1d0:ab0e:9154 with SMTP id n10-20020a170902e54a00b001d0ab0e9154mr8301555plf.125.1702414711366; Tue, 12 Dec 2023 12:58:31 -0800 (PST)
MIME-Version: 1.0
References: <20231207010618.7B21719073C5@rfcpa.amsl.com> <D41A05EF-7402-456B-8190-7C8EA65575A8@gmail.com> <CAA1-vB3fVQEu=eQbPYFk6DcQqvU3b8mzBYGJzOR9yzFw7WGAbQ@mail.gmail.com> <CANtBS9dvRAyXXUjCHKQtC3nyP+tXhYKmZ=Fb98qgX53er6Z5JQ@mail.gmail.com> <1CEC92EC-B8F1-49C9-9ED1-DD878FCAD1D1@gmail.com> <CANtBS9cQgw4gkfqoUSD73RbCN01u2kgpDVCct=T_O4tS2_vkOQ@mail.gmail.com> <A271E2B1-3DAC-46F6-A8B2-824E65B0B682@gmail.com>
In-Reply-To: <A271E2B1-3DAC-46F6-A8B2-824E65B0B682@gmail.com>
From: Atul Tulshibagwale <atul@sgnl.ai>
Date: Tue, 12 Dec 2023 12:58:15 -0800
Message-ID: <CANtBS9frArcH6RF7d2gQw5DVru_mpsUcWAtvUCbn_AyPmBZO1w@mail.gmail.com>
To: Yaron Sheffer <yaronf.ietf@gmail.com>
Cc: Prachi Jain <prachi.jain1288@gmail.com>, id-event@ietf.org
Content-Type: multipart/alternative; boundary="00000000000021bf45060c565041"
Archived-At: <https://mailarchive.ietf.org/arch/msg/id-event/8KZsx6fET2I93WqKbMivm6T_FBo>
Subject: Re: [Id-event] RFC 9493 on Subject Identifiers for Security Event Tokens
X-BeenThere: id-event@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "A mailing list to discuss the potential solution for a common identity event messaging format and distribution system." <id-event.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/id-event>, <mailto:id-event-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/id-event/>
List-Post: <mailto:id-event@ietf.org>
List-Help: <mailto:id-event-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/id-event>, <mailto:id-event-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Dec 2023 20:58:36 -0000

Hi Yaron,
I was referring to the use of the term "Security Event Identifier Formats
Repository" in the rest of the document. The errata has been updated to
reflect this now.

https://www.rfc-editor.org/errata/eid7727

Thanks,
Atul

On Tue, Dec 12, 2023 at 10:59 AM Yaron Sheffer <yaronf.ietf@gmail.com>
wrote:

> Hi Atul,
>
>
>
> Back to your original mail, “there are a few more changes that will flow
> from there, if this is considered to be an error.” Could you say what
> these changes are, so we can deal with this all in one go?
>
>
>
> Thanks,
>
>                 Yaron
>
>
>
> *From: *Atul Tulshibagwale <atul@sgnl.ai>
> *Date: *Tuesday, 12 December 2023 at 0:32
> *To: *Yaron Sheffer <yaronf.ietf@gmail.com>
> *Cc: *Prachi Jain <prachi.jain1288@gmail.com>, <id-event@ietf.org>
> *Subject: *Re: [Id-event] RFC 9493 on Subject Identifiers for Security
> Event Tokens
>
>
>
> Hi Yaron,
>
> I believe it is an error, because what is described in the RFC is not
> "Security Event Identifiers", they are "Subject Identifiers" within
> Security Event Tokens.
>
>
>
> I agree that the content of the registry matters more, but I am writing a
> draft that relies on this RFC and this registry in particular. It uses the
> same Subject Identifier formats, but not within SETs, and the API I'm
> defining in my draft has nothing to do with Security Events. Therefore it
> becomes confusing to the readers of my draft to be referencing an IANA
> registry named "Security Event Identifier Format Registry".
>
>
>
> I've filed an errata now: https://www.rfc-editor.org/errata/eid7727. I'm
> happy to discuss with the WG.
>
>
>
> Thanks,
>
> Atul
>
>
>
>
>
> On Mon, Dec 11, 2023 at 1:51 PM Yaron Sheffer <yaronf.ietf@gmail.com>
> wrote:
>
> Hi Atul,
>
>
>
> I am personally on the fence here because the original context is
> identifiers used in security events. See the RFC’s Introduction, where we
> start with security events and then slowly broaden the scope. However, if
> you think this is in error and should be fixed, feel free to file an errata
> [1] and we will discuss it.
>
>
>
> Ultimately what counts is the IANA registry [2] and whether it is
> comprehensible and useful.
>
>
>
> Thanks,
>
>                 Yaron
>
>
>
> [1] https://www.rfc-editor.org/errata.php#reportnew
>
> [2] https://www.iana.org/assignments/secevent/secevent.xhtml
>
>
>
> *From: *Atul Tulshibagwale <atul@sgnl.ai>
> *Date: *Monday, 11 December 2023 at 21:54
> *To: *Prachi Jain <prachi.jain1288@gmail.com>
> *Cc: *Yaron Sheffer <yaronf.ietf@gmail.com>, <id-event@ietf.org>
> *Subject: *Re: [Id-event] RFC 9493 on Subject Identifiers for Security
> Event Tokens
>
>
>
> Thanks Yaron,
>
>
>
> I think I discovered an issue with the spec, just as I was trying to refer
> to it:
>
>
>
> Section 8.1 is named "Security Event Identifier Formats Registry". Should
> it be named "Subject Identifier Formats Registry"? There are a few more
> changes that will flow from there, if this is considered to be an error.
>
>
>
> Atul
>
>
>
>
>
> On Thu, Dec 7, 2023 at 3:51 AM Prachi Jain <prachi.jain1288@gmail.com>
> wrote:
>
> Thanks Yaron. Truly appreciate the guidance and support in getting this
> past the finish line.
>
>
>
> On Thu, Dec 7, 2023 at 5:04 AM Yaron Sheffer <yaronf.ietf@gmail.com>
> wrote:
>
> Congratulations on this last deliverable of the Security Events working
> group. Thanks to Annabelle and Prachi who drove this document to completion!
>
>         Yaron
>
> On 07/12/2023, 3:06, "id-event-bounces@ietf.org <mailto:
> id-event-bounces@ietf.org> on behalf of rfc-editor@rfc-editor.org <mailto:
> rfc-editor@rfc-editor.org>" <id-event-bounces@ietf.org <mailto:
> id-event-bounces@ietf.org> on behalf of rfc-editor@rfc-editor.org <mailto:
> rfc-editor@rfc-editor.org>> wrote:
>
>
> A new Request for Comments is now available in online RFC libraries.
>
>
>
>
> RFC 9493
>
>
> Title: Subject Identifiers for Security Event Tokens
> Author: A. Backman, Ed.,
> M. Scurtescu,
> P. Jain
> Status: Standards Track
> Stream: IETF
> Date: December 2023
> Mailbox: richanna@amazon.com <mailto:richanna@amazon.com>,
> marius.scurtescu@coinbase.com <mailto:marius.scurtescu@coinbase.com>,
> prachi.jain1288@gmail.com <mailto:prachi.jain1288@gmail.com>
> Pages: 18
> Updates/Obsoletes/SeeAlso: None
>
>
> I-D Tag: draft-ietf-secevent-subject-identifiers-18.txt
>
>
> URL: https://www.rfc-editor.org/info/rfc9493 <
> https://www.rfc-editor.org/info/rfc9493>
>
>
> DOI: 10.17487/RFC9493
>
>
> Security events communicated within Security Event Tokens may support
> a variety of identifiers to identify subjects related to the event.
> This specification formalizes the notion of Subject Identifiers as
> structured information that describes a subject and named formats
> that define the syntax and semantics for encoding Subject Identifiers
> as JSON objects. It also establishes a registry for defining and
> allocating names for such formats as well as the JSON Web Token (JWT)
> "sub_id" Claim.
>
>
> This document is a product of the Security Events Working Group of the
> IETF.
>
>
> This is now a Proposed Standard.
>
>
> STANDARDS TRACK: This document specifies an Internet Standards Track
> protocol for the Internet community, and requests discussion and
> suggestions
> for improvements. Please refer to the current edition of the Official
> Internet Protocol Standards (https://www.rfc-editor.org/standards <
> https://www.rfc-editor.org/standards>) for the
> standardization state and status of this protocol. Distribution of this
> memo is unlimited.
>
>
> This announcement is sent to the IETF-Announce and rfc-dist lists.
> To subscribe or unsubscribe, see
> https://www.ietf.org/mailman/listinfo/ietf-announce <
> https://www.ietf.org/mailman/listinfo/ietf-announce>
> https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist <
> https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist>
>
>
> For searching the RFC series, see https://www.rfc-editor.org/search <
> https://www.rfc-editor.org/search>
> For downloading RFCs, see https://www.rfc-editor.org/retrieve/bulk <
> https://www.rfc-editor.org/retrieve/bulk>
>
>
> Requests for special distribution should be addressed to either the
> author of the RFC in question, or to rfc-editor@rfc-editor.org <mailto:
> rfc-editor@rfc-editor.org>. Unless
> specifically noted otherwise on the RFC itself, all RFCs are for
> unlimited distribution.
>
>
>
>
> The RFC Editor Team
> Association Management Solutions, LLC
>
>
> _______________________________________________
> Id-event mailing list
> Id-event@ietf.org <mailto:Id-event@ietf.org>
> https://www.ietf.org/mailman/listinfo/id-event <
> https://www.ietf.org/mailman/listinfo/id-event>
>
>
>
>
> _______________________________________________
> Id-event mailing list
> Id-event@ietf.org
> https://www.ietf.org/mailman/listinfo/id-event
>
> _______________________________________________
> Id-event mailing list
> Id-event@ietf.org
> https://www.ietf.org/mailman/listinfo/id-event
>
>

v2.23.0 | Report a Bug | By Email