[Id-event] Dealing with issuer conflict

"Phil Hunt (IDM)" <phil.hunt@oracle.com> Thu, 18 May 2017 04:45 UTC

From: "Phil Hunt (IDM)" <phil.hunt@oracle.com>
Date: Wed, 17 May 2017 21:40:42 -0700
Message-Id: <D1129EE9-8D49-4262-A569-FF373490EB85@oracle.com>
To: ID Events Mailing List <id-event@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/id-event/GAOC2IXT5dpAAVlCEhaUfyPh5S0>
Subject: [Id-event] Dealing with issuer conflict

In many cases where we are talking about events (e.g. RISC) there is no need for extra claims other than the event type itself.

It occurs to me that in the case of RP issued events the current sectoken format requires an embedded iss to deal with the conflict with the set issuer. It seems to add a lot of complication for most events. 

What if we defined a new sectoken top-level attribute 'subIss' to mean "subject issuer" and kept iss reserved for the SET issuer.

I would suggest this as a recommended attribute even when iss and subIss are the same, for parsing consistency.

Thoughts?

Phil
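As an added example that is not part of the original message: a receiver-side resolver for the two layouts Phil contrasts, the current one with the subject's issuer embedded in the event payload and the proposed top-level subIss. The placement of the embedded iss inside each event payload, the event URI, the trusted-issuer set and all sample values are constructed assumptions, not anything the SET draft or the post specifies.

```python
import json

# Constructed samples (not from the post). The RP issues the SET about a user
# whose account lives at the IdP, so SET issuer and subject issuer differ.
NESTED_SET = json.dumps({
    "iss": "https://rp.example.com",        # SET issuer (the RP sending the event)
    "aud": "https://idp.example.com",
    "iat": 1495082442,
    "jti": "constructed-001",
    "events": {
        "https://schemas.example.com/event/account-disabled": {
            "iss": "https://idp.example.com",  # subject issuer embedded per event
            "sub": "user-123",
        }
    },
})

FLAT_SET = json.dumps({
    "iss": "https://rp.example.com",
    "subIss": "https://idp.example.com",    # proposed: subject issuer at top level
    "sub": "user-123",
    "aud": "https://idp.example.com",
    "iat": 1495082442,
    "jti": "constructed-002",
    "events": {"https://schemas.example.com/event/account-disabled": {}},
})

# Assumed receiver policy: which SET issuers this receiver accepts events from.
TRUSTED_SET_ISSUERS = {"https://rp.example.com"}


def resolve_issuers(set_json, trusted=TRUSTED_SET_ISSUERS):
    """Return (set_issuer, subject_issuer) after checking the SET issuer is trusted.

    Accepts both layouts. For the nested layout, every event must agree on the
    embedded iss (or omit it, defaulting to the SET issuer); disagreement is
    rejected, since that ambiguity is what a single top-level claim removes.
    """
    claims = json.loads(set_json)
    set_iss = claims.get("iss")
    if set_iss not in trusted:
        raise ValueError(f"untrusted SET issuer: {set_iss!r}")
    if "subIss" in claims:
        return set_iss, claims["subIss"]
    embedded = {ev.get("iss", set_iss) for ev in claims.get("events", {}).values()}
    if len(embedded) != 1:
        raise ValueError(f"conflicting embedded issuers: {sorted(embedded)}")
    return set_iss, embedded.pop()
```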