Re: [Id-event] Subject Categories in Subject Identifiers

Phil Hunt <phil.hunt@independentid.com> Mon, 13 July 2020 21:55 UTC

From: Phil Hunt <phil.hunt@independentid.com>
Date: Mon, 13 Jul 2020 14:55:03 -0700
Cc: Dick Hardt <dick.hardt@gmail.com>, ID Events Mailing List <id-event@ietf.org>
To: Atul Tulshibagwale <atultulshi=40google.com@dmarc.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/id-event/GruNU0sPyuye2vcLnDhzI2T_Ib8>

Why is the category not part of the eventuri / event definition?  Why have one event that applies to a session, a device, a person, and an account at the same time as opposed to 4 different event uris?

It feels like you may be trying to define a combined, multi-purpose event to cover many actual events. Is that the goal?

My expectation for defining SETs and eventuris was that the eventuri conveys 90% of the information content of a SET. The subject identifier indicates who or what the event is about and the occasional use of payload claims to provide “useful” additional information (like a counter). E.g. if you want to convey how many account resets and not just the fact the account was reset. It makes sense to re-use the same URI even though the actions taken on the 3rd reset might be different than on the first.

IMO, a wide number of event uris paired with lightweight SETs means policy systems and SET routers can make quick decisions on where and how to act upon an event for a particular subject.

Phillip Hunt
phil.hunt@independentid.com



> On Jul 13, 2020, at 1:47 PM, Atul Tulshibagwale <atultulshi=40google.com@dmarc.ietf.org> wrote:
> 
> To address Mike's point I'm clarifying the proposal syntax here.
> 
> I'm proposing that we add a "categories" claim to subject identifiers, regardless of the subject-identifier type (i.e. a common claim), with the following text:
> Subject Categories
> 
>    Subjects may be categorized as users, devices or sessions.  To
>    specify the category of a subject, a "category" claim MAY be
>    included.  If present, the claim MUST have a value that is one of:
> 
>    user  Specifies that the subject category is a user.
> 
>    device  Specifies that the subject category is a device.
> 
>    session  Specifies that the subject category is a session.
> 
> To address Dick's question:
> I suppose one could think of it either way. I am neutral to adding it within subject identifiers or at a higher-level in the event that includes the subject identifier claim. This was also a point of discussion in the SSE working group, so I'll let others comment on this. This may be dropped if no one has strong reasons to include it in the subject identifiers claim.
> 
> Thanks,
> Atul
> 
> On Mon, Jul 13, 2020 at 11:25 AM Dick Hardt <dick.hardt@gmail.com> wrote:
> Hi Atul
> 
> I don't follow why this statement is true:
> 
> "Since this is a property of the subject rather than the event"
> 
> I would come to the opposite conclusion.
> 
> On Mon, Jul 13, 2020 at 9:10 AM Atul Tulshibagwale <atultulshi=40google.com@dmarc.ietf.org> wrote:
> Hi all,
> Subject Identifiers will be used in various specifications about events pertaining to those subject identifiers. In order to determine the scope of the event, it is important to know what the transmitter of the event that includes the subject identifier refers to.
> 
> For example, when a subject identifier specifies a phone number as the identifier, is the transmitter of the event that includes such a subject identifier specifying the user or the device represented by the subject identifier?
> 
> Since this is a property of the subject rather than the event, it should be logically included in the subject identifier spec. Therefore, I'm proposing that we include a "subject category" claim within the subject identifier. The subject category could have one of the following values:
> User
> Device
> Session
> The above values are sufficient for the SSE profile, but other values may be possible (although such a possibility is not a part of my proposal <https://github.com/richanna/secevent/pull/1>).
> 
> Thanks,
> Atul
> 
> _______________________________________________
> Id-event mailing list
> Id-event@ietf.org
> https://www.ietf.org/mailman/listinfo/id-event
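
The two designs debated in this thread, seen from a SET router, as an added example that is not code from any participant or from the drafts: with one event URI per category the `events` key alone selects the route, while with a shared event URI the router must open the subject identifier and validate the proposed `category` claim first. The event URIs, route names, the `subject` placement inside the event payload and the phone subject identifier fields are constructed assumptions; only the `category` claim and its three values come from the proposal text quoted above.

```python
# Added example; event URIs, route names and field placement are constructed.
ALLOWED_CATEGORIES = {"user", "device", "session"}  # from the proposed text

def validate_category(subject_id):
    """Return the category, or None when the optional claim is absent."""
    if "category" not in subject_id:
        return None
    value = subject_id["category"]
    if not isinstance(value, str) or value not in ALLOWED_CATEGORIES:
        raise ValueError(f"invalid subject category: {value!r}")
    return value

def route_by_event_uri(claims, routes):
    """One event URI per category: the 'events' key alone selects the route."""
    return [routes.get(uri, "unrouted") for uri in claims["events"]]

def route_by_category(claims, routes):
    """One shared event URI: the router must open and validate the subject."""
    picked = []
    for uri, payload in claims["events"].items():
        category = validate_category(payload.get("subject", {}))
        picked.append(routes.get((uri, category), "unrouted"))
    return picked

# Constructed subject identifier: a phone number that could mean user or device.
PHONE = {"subject_type": "phone", "phone_number": "+12065550100"}

SET_PER_URI = {"events": {"https://events.example/device-revoked": {"subject": PHONE}}}
ROUTES_PER_URI = {
    "https://events.example/device-revoked": "device-management",
    "https://events.example/user-revoked": "account-security",
}

SET_SHARED_URI = {"events": {"https://events.example/revoked":
                             {"subject": {**PHONE, "category": "device"}}}}
ROUTES_SHARED_URI = {
    ("https://events.example/revoked", "device"): "device-management",
    ("https://events.example/revoked", "user"): "account-security",
}

if __name__ == "__main__":
    print(route_by_event_uri(SET_PER_URI, ROUTES_PER_URI))
    print(route_by_category(SET_SHARED_URI, ROUTES_SHARED_URI))
```

Because the claim is optional in the proposed text, a shared-URI SET that omits `category` matches no route here, which is the ambiguity a receiver's policy has to decide how to handle.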