Re: [Id-event] Consensus :: Single Event Syntax
Marius Scurtescu <mscurtescu@google.com> Fri, 08 December 2017 00:48 UTC
Return-Path: <mscurtescu@google.com>
X-Original-To: id-event@ietfa.amsl.com
Delivered-To: id-event@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5EA6E126C26 for <id-event@ietfa.amsl.com>; Thu, 7 Dec 2017 16:48:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[AC_DIV_BONANZA=0.001, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m7gISgsvWbsC for <id-event@ietfa.amsl.com>; Thu, 7 Dec 2017 16:48:23 -0800 (PST)
Received: from mail-it0-x234.google.com (mail-it0-x234.google.com [IPv6:2607:f8b0:4001:c0b::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 74D9F120726 for <id-event@ietf.org>; Thu, 7 Dec 2017 16:48:23 -0800 (PST)
Received: by mail-it0-x234.google.com with SMTP id b5so1403983itc.3 for <id-event@ietf.org>; Thu, 07 Dec 2017 16:48:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=SN6qFZhcFYqKp6zzymmPf5+SnEQ/JoPpndOnLDTmZWM=; b=Oj9wzQ4TAmc7SVER2gs+x9iDOba26CRzoeK9wd5M3Uiux2gj6NdD/8MaQGuuFxMmke 3QmPvX1XJu2fNn4acSs/HCACyZJRilpuDUqri6DMKK0CHnyhWN2UVzq8k9G9AoeexwjD QtW6GdonDq/7cGeL7EkMrAsIcGILzlXlU3RsJQ3Z+moRg3oReivLKLauab5fO0i6SOzp jFhBr4f5oHqCt/W93Qjwc6H24G9HWCQKCfSSwG+GzFrq0a+E6Qk+3AHmXTVTUiA/BWQH Ou8NSTTaPTqLhYzBnli+uQRdG88Scodr+KQLpPNUVXpKRi+m/q3jVbDY+JQjWy6Ohdsh m4Eg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=SN6qFZhcFYqKp6zzymmPf5+SnEQ/JoPpndOnLDTmZWM=; b=h6tR1fk8dXIg7Zk6ylCEqW9M5S97iz6/oVhE4n8jkeMC5k/UkSTZlSKj/vc81bwZ2G Msn2gCDOiKJxLRSlzfgrTReVa5vOthaou+r9lQ6JmdgWCWf7c6xn9Gx2XX6YUnJkxJw1 7C6DYohMi+9BPIZvGwUWR6a2uAUhEiR5R0K2cUmn4GpAhI5q2CBAe99o9FVTO0bVVQci 2mUqxohtiEPdCuJtzDCkahYDxbfNg7abFOKlGtHIXQDHwdSMkekEqAp39EWU7Tf0/I58 rSoeQ/Bd+IxuGfLfOCg/xteg6v8lNJMIftC/koF2n6zI2vQJ3fU5Ha1QUVI36iKm0edi 6PWw==
X-Gm-Message-State: AKGB3mIR8jm3oYBryvXpCvrSJU9QAK7DCA24G6fywTQsnpQHwyzdtYGI II0CLIz3VkW8qYNv2O90v5qBoCzQ00EAJl/e+0rzbQ==
X-Google-Smtp-Source: AGs4zMZcVbDp9akNXBaWSRYE/g0ftiF18rDIfP43cIIF17npHAhr5/ljjHdBJ5ZpxBBrOXBRc6ZtW7ZUTyLRx7VigAY=
X-Received: by 10.36.39.8 with SMTP id g8mr1068534ita.42.1512694102295; Thu, 07 Dec 2017 16:48:22 -0800 (PST)
MIME-Version: 1.0
Received: by 10.107.34.19 with HTTP; Thu, 7 Dec 2017 16:48:01 -0800 (PST)
In-Reply-To: <7D8D1499-7F37-4CF1-B638-561450CABCDF@cisco.com>
References: <CAD9ie-s_tmCqwBh0u=89Zx7FZEUMq0-TcPY_t-3t006oTrTbmw@mail.gmail.com> <C7C5A5CC-351F-4F65-9977-19508ECF8A65@oracle.com> <BN6PR21MB0500C56E9363709A8538EED8F53E0@BN6PR21MB0500.namprd21.prod.outlook.com> <7D8D1499-7F37-4CF1-B638-561450CABCDF@cisco.com>
From: Marius Scurtescu <mscurtescu@google.com>
Date: Thu, 07 Dec 2017 16:48:01 -0800
Message-ID: <CAGdjJp+K=ht6S=JiDSAuir_HopNuis7s5Ykjhi+ZcVhFfW7Tig@mail.gmail.com>
To: "Morteza Ansari (moransar)" <moransar@cisco.com>
Cc: Mike Jones <Michael.Jones@microsoft.com>, Phil Hunt <phil.hunt@oracle.com>, SecEvent <id-event@ietf.org>, Yaron Sheffer <yaronf.ietf@gmail.com>, Dick Hardt <dick.hardt@gmail.com>
Content-Type: multipart/alternative; boundary="001a1147c5ac9fa47b055fc98a77"
Archived-At: <https://mailarchive.ietf.org/arch/msg/id-event/ErJ-USNGfcYRB9kDlrPB2rUd8Gc>
Subject: Re: [Id-event] Consensus :: Single Event Syntax
X-BeenThere: id-event@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "A mailing list to discuss the potential solution for a common identity event messaging format and distribution system." <id-event.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/id-event>, <mailto:id-event-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/id-event/>
List-Post: <mailto:id-event@ietf.org>
List-Help: <mailto:id-event-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/id-event>, <mailto:id-event-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Dec 2017 00:48:27 -0000
comments inline... On Sun, Dec 3, 2017 at 11:40 PM, Morteza Ansari (moransar) < moransar@cisco.com> wrote: > I have gone through the minutes Dick posted from the main and side > meetings and I went back through the mailing list threads on the topic > (thanks Phil for the pointers). To be honest I am still at a loss as to why > this is such a contentious issue. I feel the current SET spec addresses all > the use cases we have identified so far and the complexity of handing > events vs. event is very minimal. > Sure, we can live with "events" (except for Tony, his use case is not met). Why can't we take implementation feedback and improve the spec? > > > Furthermore with some minor additions along what Yaron suggested in > https://www.ietf.org/mail-archive/web/id-event/current/msg00736.html or > something similar we should be able to handle the case where some profile > wants to define additional restriction on the SET. > That helps writing profiles, still leaves room for ambiguity and privacy issues when implementing a transmitters. Something like "Profiling specifications SHOULD define the allowed event statements" cannot be enforced in a parser, this is just a recommendation (easy to miss by an implementer). > > Given the data and discussion so far, I am with Mike & Phil in the support > of SET as defined in the WG document. > > > > > > Cheers, > > Morteza > > > > *From: *Id-event <id-event-bounces@ietf.org> on behalf of Mike Jones < > Michael.Jones@microsoft.com> > *Date: *Friday, December 1, 2017 at 7:17 PM > *To: *Phil Hunt <phil.hunt@oracle.com>, SecEvent <id-event@ietf.org> > *Cc: *Yaron Sheffer <yaronf.ietf@gmail.com>, Dick Hardt < > dick.hardt@gmail.com> > > *Subject: *Re: [Id-event] Consensus :: Single Event Syntax > > > > I am strongly opposed to making a change to reintroduce a distinction > between primary and secondary events. This topic has been heavily > discussed in the working group and people very clearly came down on the > side of having no such distinction. Annabelle’s draft needlessly > reintroduces this distinction, with the result being a breaking change and > making the structure more complicated, not less. See the deeply nested > “related events” structure in https://tools.ietf.org/html/ > draft-backman-secevent-token-03#section-3 to understand some of the of > the additional complexity being proposed. > > > > The working draft already meets the needs of multiple use cases and is in > production use. There are not sufficient reasons to reintroduce complexity > that was previously soundly rejected and to make wholesale design changes > after working group last call. > > > > We should stay with what already works and complete the SET spec in a > timely fashion. > > > > -- Mike > > > > *From:* Id-event [mailto:id-event-bounces@ietf.org > <id-event-bounces@ietf.org>] *On Behalf Of *Phil Hunt > *Sent:* Friday, December 1, 2017 10:36 AM > *To:* SecEvent <id-event@ietf.org> > *Cc:* Yaron Sheffer <yaronf.ietf@gmail.com>; Dick Hardt < > dick.hardt@gmail.com> > *Subject:* Re: [Id-event] Consensus :: Single Event Syntax > > > > For historical purposes, this has been discussed twice before (once at the > request of Annabelle). > > > > I think it would be helpful, why, after WGLC, this issue is being brought > forward yet again. Dick has stated that Annabelle’s concern that she finds > it difficult to implement is sufficient. Yet, I’m not sure we are > entertaining a new concern here. No new information was provided. > > > > I note that at the time, the chairs did not feel there was a lack of > consensus in order to call for one in the past. > > > > On some of these matters, the choice may be arbitrary, and that is why I > think keeping track of prior discussion is important so that we can clearly > move forward and not repeat discussion of the past further confusing > consensus. > > > > While I advocated for singular events as a possibility in the past, I now > have much more stronger technical reasons for the WG draft design, which > have strengthened rather than weakened in the past week. I will share these > later, after the minutes have been published. > > > > On Dec 10, 2016, Yaron while reviewing the ID draft-hunt-idevent-token-07 > [1]: > > * Why "events" and not "event"? We don't really have support for > > multiple events. Certainly not if they are all of the same type. > > The current text is confusing: "events" is not the same as "a > > primary event and its extensions”. > > [MIKE] Reflects your earlier comment re: primary vs. extensions. "events” is > > plural to reflect the fact that the attribute is multi-valued. I agree, > > given that only one primary event can be included, the naming is misleading. > > > > From later in the thread [2]: > > * 2: "first value" is meaningless. JSON objects are unordered (4th > paragraph of RFC 7159). If order /is/ important, we could make > "events" into an array. > > *[Phil] *Yup. How would the group like to fix this? We could make > “events” > singular and have an extensions attribute to hold the extensions. Or we > could go to a more complex JSON structure (not personally a fan). > > > *[Yaron]* I'm personally fine with a main "event" object and an > "extensions" attribute. I can even live with "event" being called "events", > per Mike's proposal. But the structure needs to make sense as a JSON object > if we want it implemented. > > > > [PH] Thread: Should the primary event be a separate attribute? > > > > We had this broken out before. If there is sufficient desire to break it > out again, I have no objection. > > > > Then following WG adoption, I re-reraised the issue after discussion with > Annabelle draft-secevent-token-00 [3]: > > On this topic, following Yaron’s comments Mike Jones raised some points > that there should be no distinction between primary events and extensions ( > https://mailarchive.ietf.org/arch/msg/id-event/0Hhg46ROcidQDLL7OnXUs88TJ9U). > Summarizing: > > * Processors will run through all of them regardless. It is not > necessarily helpful to understand which is a primary vs. extension > > * Let’s drop distinction between primary vs. extension. You can simply > express one or more sets of event attributes in a single JWT > > > > My proposal is to drop this terminology in the text and keep the attribute > multi-valued. The purpose of the attribute is to inform the reader what > events are being asserted and what additional data may be present. It is up > to the reader to ultimately infer meaning when one or more URIs are > present. Further, when multiple URIs are present it must still to make a > combined statement about a single state change about a subject. It must not > be used to convey multiple distinct (e.g. transactions) events about a > subject. > > > > Assuming everyone agrees, I will plan to remove these distinctions in the > next update with some new text. Please comment if you have concerns. > > > > To which Mike Jones responded [4] > > I believe we already had consensus to drop the primary/secondary > distinction, which we intentionally did before adoption of the working > group draft. I believe any such distinction will both be unhelpful and > result in syntactic complexity. Please let’s finish stamping out the > notion that any of the events in a SET are somehow different than the > others. > > > > William Denniss wrote [5]: > > I agree with your proposal. > > > > They're all just events. Up to implementors to define & categorize their > events how they like. > > > > Marius also agreed (he may have switched positions now) [6]: > > I also think it makes sense to remove the primary/secondary distinction. > > > Marius > > > > Justin also agreed (and may have switched positions) [7] > > +1, drop "primary" and keep it an object > > -- Justin > > > > References: > > [1] - https://www.ietf.org/mail-archive/web/id-event/current/msg00298.html > > [2] - https://www.ietf.org/mail-archive/web/id-event/current/msg00299.html > > [3] - https://www.ietf.org/mail-archive/web/id-event/current/msg00345.html > > [4] - https://www.ietf.org/mail-archive/web/id-event/current/msg00347.html > > [5] - https://www.ietf.org/mail-archive/web/id-event/current/msg00349.html > > [6] - https://www.ietf.org/mail-archive/web/id-event/current/msg00365.html > > [7] - https://www.ietf.org/mail-archive/web/id-event/current/msg00406.html > > > > Phil > > > > Oracle Corporation, Identity Cloud Services Architect > > @independentid > > www.independentid.com > > phil.hunt@oracle.com > > > > > On Dec 1, 2017, at 8:50 AM, Dick Hardt <dick.hardt@gmail.com> wrote: > > > > Is it important to syntactically ensure that only one event is in a SET? > For privacy reasons, some use cases want to ensure that only one signal is > in a SET. > This adds some additional complexity for use cases that want to include > multiple signals in a SET. > > See https://tools.ietf.org/html/draft-backman-secevent-token-02 > <https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_draft-2Dbackman-2Dsecevent-2Dtoken-2D02&d=DwMFaQ&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=na5FVzBTWmanqWNy4DpctyXPpuYqPkAI1aLcLN4KZNA&m=p986FFBYCnXfbWjoBBpAe4IarEj1m7ezmVE3DPSQzwY&s=P-rrbMomS-aMBQQ0HPfPzvNPkWHLDYs8SsugRHx-eLM&e=> for > an proposed syntax that ensures one event per SET, and enables multiple > events per SET when desired > > > > We will track results here: https://github.com/IETF- > SecEvent/Drafts/issues/1 > <https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_IETF-2DSecEvent_Drafts_issues_1&d=DwMFaQ&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=na5FVzBTWmanqWNy4DpctyXPpuYqPkAI1aLcLN4KZNA&m=p986FFBYCnXfbWjoBBpAe4IarEj1m7ezmVE3DPSQzwY&s=3f7fFs9ZKZrg1ScI3Ml2r8ykvHGuBbup831kDUNklfw&e=> > > > > Discussion to be on the mail list as usual, not in the issue tracker! > > > > /Dick > > _______________________________________________ > Id-event mailing list > Id-event@ietf.org > https://urldefense.proofpoint.com/v2/url?u=https-3A__www. > ietf.org_mailman_listinfo_id-2Devent&d=DwICAg&c= > RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r= > na5FVzBTWmanqWNy4DpctyXPpuYqPkAI1aLcLN4KZNA&m= > p986FFBYCnXfbWjoBBpAe4IarEj1m7ezmVE3DPSQzwY&s=YnAKATJz3qVYniVaDUIMtQb9L- > vMocgsYARzV6axzq4&e= > > > > _______________________________________________ > Id-event mailing list > Id-event@ietf.org > https://www.ietf.org/mailman/listinfo/id-event > >
- [Id-event] Consensus :: Single Event Syntax Dick Hardt
- Re: [Id-event] Consensus :: Single Event Syntax Phil Hunt
- Re: [Id-event] Consensus :: Single Event Syntax Richard Backman, Annabelle
- Re: [Id-event] Consensus :: Single Event Syntax Phil Hunt
- Re: [Id-event] Consensus :: Single Event Syntax Richard Backman, Annabelle
- Re: [Id-event] Consensus :: Single Event Syntax Mike Jones
- Re: [Id-event] Consensus :: Single Event Syntax Morteza Ansari (moransar)
- Re: [Id-event] Consensus :: Single Event Syntax John Bradley
- Re: [Id-event] Consensus :: Single Event Syntax John Bradley
- Re: [Id-event] Consensus :: Single Event Syntax Nat Sakimura
- Re: [Id-event] Consensus :: Single Event Syntax M.Lizar@OCG
- Re: [Id-event] Consensus :: Single Event Syntax M.Lizar@OCG
- Re: [Id-event] Consensus :: Single Event Syntax William Denniss
- Re: [Id-event] Consensus :: Single Event Syntax Justin Richer
- Re: [Id-event] Consensus :: Single Event Syntax Justin Richer
- Re: [Id-event] Consensus :: Single Event Syntax Richard Backman, Annabelle
- Re: [Id-event] Consensus :: Single Event Syntax Mike Jones
- Re: [Id-event] Consensus :: Single Event Syntax Richard Backman, Annabelle
- Re: [Id-event] Consensus :: Single Event Syntax Phil Hunt
- Re: [Id-event] Consensus :: Single Event Syntax Mike Jones
- Re: [Id-event] Consensus :: Single Event Syntax Richard Backman, Annabelle
- Re: [Id-event] Consensus :: Single Event Syntax Mike Jones
- Re: [Id-event] Consensus :: Single Event Syntax Richard Backman, Annabelle
- Re: [Id-event] Consensus :: Single Event Syntax Phil Hunt
- Re: [Id-event] Consensus :: Single Event Syntax Richard Backman, Annabelle
- Re: [Id-event] Consensus :: Single Event Syntax Phil Hunt
- Re: [Id-event] Consensus :: Single Event Syntax Richard Backman, Annabelle
- Re: [Id-event] Consensus :: Single Event Syntax Phil Hunt
- Re: [Id-event] Consensus :: Single Event Syntax Richard Backman, Annabelle
- Re: [Id-event] Consensus :: Single Event Syntax Morteza Ansari (moransar)
- Re: [Id-event] Consensus :: Single Event Syntax Richard Backman, Annabelle
- Re: [Id-event] Consensus :: Single Event Syntax John Wunderlich
- Re: [Id-event] Consensus :: Single Event Syntax Marius Scurtescu
- Re: [Id-event] Consensus :: Single Event Syntax Marius Scurtescu
- Re: [Id-event] Consensus :: Single Event Syntax Marius Scurtescu
- Re: [Id-event] Consensus :: Single Event Syntax Marius Scurtescu
- Re: [Id-event] Consensus :: Single Event Syntax Justin Richer
- Re: [Id-event] Consensus :: Single Event Syntax Justin Richer
- Re: [Id-event] Consensus :: Single Event Syntax Richard Backman, Annabelle
- Re: [Id-event] Consensus :: Single Event Syntax Anthony Nadalin
- Re: [Id-event] Consensus :: Single Event Syntax Richard Backman, Annabelle
- Re: [Id-event] Consensus :: Single Event Syntax Phil Hunt
- Re: [Id-event] Consensus :: Single Event Syntax Richard Backman, Annabelle
- Re: [Id-event] Consensus :: Single Event Syntax Phil Hunt
- Re: [Id-event] Consensus :: Single Event Syntax Benjamin Kaduk
- Re: [Id-event] Consensus :: Single Event Syntax Mike Jones
- Re: [Id-event] Consensus :: Single Event Syntax Phil Hunt
- Re: [Id-event] Consensus :: Single Event Syntax Richard Backman, Annabelle
- Re: [Id-event] Consensus :: Single Event Syntax Mike Jones
- Re: [Id-event] Consensus :: Single Event Syntax Richard Backman, Annabelle
- Re: [Id-event] Consensus :: Single Event Syntax Phil Hunt
- Re: [Id-event] Consensus :: Single Event Syntax Richard Backman, Annabelle
- Re: [Id-event] Consensus :: Single Event Syntax Marius Scurtescu
- Re: [Id-event] Consensus :: Single Event Syntax Justin Richer
- Re: [Id-event] Consensus :: Single Event Syntax Mike Jones
- Re: [Id-event] Consensus :: Single Event Syntax Marius Scurtescu
- Re: [Id-event] Consensus :: Single Event Syntax Phil Hunt
- Re: [Id-event] Consensus :: Single Event Syntax Richard Backman, Annabelle
- Re: [Id-event] Consensus :: Single Event Syntax Phil Hunt
- Re: [Id-event] Consensus :: Single Event Syntax Marius Scurtescu
- Re: [Id-event] Consensus :: Single Event Syntax Richard Backman, Annabelle
- Re: [Id-event] Consensus :: Single Event Syntax Justin Richer
- Re: [Id-event] Consensus :: Single Event Syntax Mike Jones
- Re: [Id-event] Consensus :: Single Event Syntax Justin Richer
- Re: [Id-event] Consensus :: Single Event Syntax Phil Hunt
- Re: [Id-event] Consensus :: Single Event Syntax Anthony Nadalin
- Re: [Id-event] Consensus :: Single Event Syntax Richard Backman, Annabelle
- Re: [Id-event] Consensus :: Single Event Syntax Adam Dawes
- Re: [Id-event] Consensus :: Single Event Syntax Leif Johansson