Re: [Id-event] New Version Notification for draft-ietf-secevent-subject-identifiers-06.txt

Justin Richer <jricher@mit.edu> Thu, 24 September 2020 13:47 UTC

Return-Path: <jricher@mit.edu>
X-Original-To: id-event@ietfa.amsl.com
Delivered-To: id-event@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AE9953A093D for <id-event@ietfa.amsl.com>; Thu, 24 Sep 2020 06:47:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.362
X-Spam-Level:
X-Spam-Status: No, score=-0.362 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, LH_URI_DOM_IN_PATH=1.446, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ESD9N7yIZtp1 for <id-event@ietfa.amsl.com>; Thu, 24 Sep 2020 06:47:30 -0700 (PDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 700FC3A07F9 for <id-event@ietf.org>; Thu, 24 Sep 2020 06:47:30 -0700 (PDT)
Received: from [192.168.1.5] (static-71-174-62-56.bstnma.fios.verizon.net [71.174.62.56]) (authenticated bits=0) (User authenticated as jricher@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 08ODlKuX019234 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 24 Sep 2020 09:47:20 -0400
From: Justin Richer <jricher@mit.edu>
Message-Id: <EEDBDF1C-91D6-4A9E-9832-70786DDF9B80@mit.edu>
Content-Type: multipart/alternative; boundary="Apple-Mail=_84354E50-571B-4779-BFC3-BAF0FD497DC7"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.1\))
Date: Thu, 24 Sep 2020 09:47:19 -0400
In-Reply-To: <MN2PR00MB08931192A0DC11FCFEE9259895381@MN2PR00MB0893.namprd00.prod.outlook.com>
Cc: Yaron Sheffer <yaronf.ietf@gmail.com>, "Richard Backman, Annabelle" <richanna=40amazon.com@dmarc.ietf.org>, "id-event@ietf.org" <id-event@ietf.org>, Marius Scurtescu <marius.scurtescu@coinbase.com>
To: Tim Cappalli <Tim.Cappalli=40microsoft.com@dmarc.ietf.org>
References: <C1EC0CE3-2C6F-411A-B5AD-E9CCEC55F5B5@gmail.com> <MN2PR00MB08931192A0DC11FCFEE9259895381@MN2PR00MB0893.namprd00.prod.outlook.com>
X-Mailer: Apple Mail (2.3608.120.23.2.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/id-event/HBDIizurmW-MHpcPIMBy6Pt-jAw>
Subject: Re: [Id-event] New Version Notification for draft-ietf-secevent-subject-identifiers-06.txt
X-BeenThere: id-event@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "A mailing list to discuss the potential solution for a common identity event messaging format and distribution system." <id-event.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/id-event>, <mailto:id-event-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/id-event/>
List-Post: <mailto:id-event@ietf.org>
List-Help: <mailto:id-event-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/id-event>, <mailto:id-event-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Sep 2020 13:47:33 -0000

I’ll join this bikeshed:

+1 to identifier_type.

 — Justin

> On Sep 23, 2020, at 1:22 PM, Tim Cappalli <Tim.Cappalli=40microsoft.com@dmarc.ietf.org> wrote:
> 
> +1 to identifier_type
> 
> 
> 
> From: Id-event <id-event-bounces@ietf.org> on behalf of Yaron Sheffer <yaronf.ietf@gmail.com>
> Sent: Wednesday, September 23, 2020 03:07
> To: Richard Backman, Annabelle <richanna=40amazon.com@dmarc.ietf.org>; id-event@ietf.org <id-event@ietf.org>
> Cc: Marius Scurtescu <marius.scurtescu@coinbase.com>
> Subject: Re: [Id-event] New Version Notification for draft-ietf-secevent-subject-identifiers-06.txt
>  
> I don’t know if it’s a “grave error”, but “identifier_type” would be a much better choice.
>  
> Thanks,
>                 Yaron
>  
> From: Id-event <id-event-bounces@ietf.org> on behalf of "Richard Backman, Annabelle" <richanna=40amazon.com@dmarc.ietf.org>
> Date: Wednesday, September 23, 2020 at 03:37
> To: "id-event@ietf.org" <id-event@ietf.org>
> Cc: Marius Scurtescu <marius.scurtescu@coinbase.com>
> Subject: Re: [Id-event] New Version Notification for draft-ietf-secevent-subject-identifiers-06.txt
>  
> Hello Security Events working group, 
>  
> A couple weeks ago I published this update to the Subject Identifiers draft based on feedback from the recent email discussions. Unfortunately I failed to notice that a notification of the update did not go out to the working group mailing list – sorry about that!
>  
> In addition to various editorial fixes, I made a few more substantial edits based on working group feedback:
> - Expanded the introduction section with several examples of subject identifiers in use, and a section describing the difference between a subject identifier type – the type of identifier used to identify a subject, e.g., email address, phone number, SHA-256 thumbprint – and a subject type – the type of thing your subject principal is, e.g., user, group, server.
>   - In making these changes, I realized I made a grave error in naming the type member “subject_type”. I did not change its name in this draft, as I wanted to discuss this on list before doing so.
> - Removed the word “claim” except when used in reference to a JWT claim.
>   - Noticed while writing this that I missed a couple uses in the abstract. Oops.
> - Introduced some normative requirements around the use of both `sub` and `sub_id` in the same JWT: “implementations MUST NOT rely on both claims to determine the subject,” though falling back to one if the other isn’t understood (e.g., `sub_id` has an unknown subject identifier type) is allowed.
> - Added security considerations. Interested in feedback on this. The security considerations really depend on the context in which subject identifiers are used, so I’m trying to strike a balance between referencing likely relevant considerations and providing useful information without copying in a bunch of content that may or may not apply.
> -- 
> Annabelle Backman (she/her)
> AWS Identity
> https://aws.amazon.com/identity/
> 
> 
> On Sep 4, 2020, at 6:34 PM, internet-drafts@ietf.org wrote:
>  
> A new version of I-D, draft-ietf-secevent-subject-identifiers-06.txt
> has been successfully submitted by Annabelle Backman and posted to the
> IETF repository.
> 
> Name:           draft-ietf-secevent-subject-identifiers
> Revision:       06
> Title:          Subject Identifiers for Security Event Tokens
> Document date:  2020-09-04
> Group:          Individual Submission
> Pages:          19
> URL:            https://www.ietf.org/id/draft-ietf-secevent-subject-identifiers-06.txt
> Status:         https://datatracker.ietf.org/doc/draft-ietf-secevent-subject-identifiers/
> Htmlized:       https://datatracker.ietf.org/doc/html/draft-ietf-secevent-subject-identifiers
> Htmlized:       https://tools.ietf.org/html/draft-ietf-secevent-subject-identifiers-06
> Diff:           https://www.ietf.org/rfcdiff?url2=draft-ietf-secevent-subject-identifiers-06
> 
> Abstract:
>   Security events communicated within Security Event Tokens may support
>   a variety of identifiers to identify the subject and/or other
>   principals related to the event.  This specification formalizes the
>   notion of subject identifiers as named sets of well-defined claims
>   describing the subject, a mechanism for representing subject
>   identifiers within a JSON object such as a JSON Web Token (JWT) or
>   Security Event Token (SET), and a registry for defining and
>   allocating names for these claim sets.
> 
> 
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> The IETF Secretariat
> 
> 
>  
> _______________________________________________
> Id-event mailing list
> Id-event@ietf.org
> https://www.ietf.org/mailman/listinfo/id-event
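The `sub`/`sub_id` rule Annabelle describes above (never derive the subject from both claims; fall back to the other only when one is not understood) and the subject-identifier-type naming discussion are easy to get subtly wrong in a SET receiver. The following resolver is an added example, written for this page; it is not code from the draft, the working group, or anyone in this thread. It assumes the `email` and `phone_number` identifier types carry same-named members as in the draft's registry, defaults the type member to `subject_type` (the draft-06 name) with the proposed `identifier_type` selectable, and uses a made-up `x509_sha256_thumbprint` type and constructed payloads to exercise the unknown-type fallback.

```python
"""Resolve the subject of a decoded JWT / SET payload carrying `sub`, `sub_id`, or both.

Added example for draft-ietf-secevent-subject-identifiers-06 discussion; not the
draft's own code. Identifier type names, member names beyond `sub`/`sub_id`,
and all sample payloads are assumptions made for illustration.
"""
import json

# Identifier types this receiver understands -> members that must be present.
# "email" / "phone_number" follow the draft's registry as understood here.
# The SHA-256 thumbprint type mentioned in the thread is deliberately absent so
# that a payload using it exercises the "not understood" fallback path.
KNOWN_IDENTIFIER_TYPES = {
    "email": ("email",),
    "phone_number": ("phone_number",),
}


class SubjectError(ValueError):
    """Raised when the subject cannot be determined safely."""


def parse_sub_id(sub_id, type_member="subject_type"):
    """Return (identifier_type, members) for a known type, None for an unknown one.

    `type_member` is "subject_type" in draft-06; pass "identifier_type" to
    follow the rename proposed on the list. A malformed sub_id of a *known*
    type is an error, not a fallback: the draft only allows fallback when the
    identifier type is not understood.
    """
    if not isinstance(sub_id, dict):
        raise SubjectError("sub_id must be a JSON object")
    id_type = sub_id.get(type_member)
    if not isinstance(id_type, str):
        raise SubjectError(f"sub_id lacks a string {type_member!r} member")
    required = KNOWN_IDENTIFIER_TYPES.get(id_type)
    if required is None:
        return None
    missing = [m for m in required
               if not isinstance(sub_id.get(m), str) or not sub_id[m]]
    if missing:
        raise SubjectError(f"sub_id of type {id_type!r} is missing {missing}")
    return id_type, {m: sub_id[m] for m in required}


def resolve_subject(payload, type_member="subject_type"):
    """Pick exactly one of `sub` / `sub_id` as the subject; never merge them."""
    has_sub, has_sub_id = "sub" in payload, "sub_id" in payload
    if not (has_sub or has_sub_id):
        raise SubjectError("payload carries neither sub nor sub_id")
    if has_sub_id:
        parsed = parse_sub_id(payload["sub_id"], type_member)
        if parsed is not None:
            id_type, members = parsed
            # `sub`, if also present, is intentionally not consulted here.
            return {"source": "sub_id", "identifier_type": id_type, **members}
        if not has_sub:
            raise SubjectError("sub_id type not understood and no sub to fall back on")
    sub = payload["sub"]
    if not isinstance(sub, str) or not sub:
        raise SubjectError("sub must be a non-empty string")
    return {"source": "sub", "identifier_type": None, "sub": sub}


def classify(payload_json, type_member="subject_type"):
    """Decode a JSON payload and report ("ok", subject) or ("rejected", reason)."""
    try:
        return ("ok", resolve_subject(json.loads(payload_json), type_member))
    except SubjectError as exc:
        return ("rejected", str(exc))


# Constructed sample payloads (decoded JWT claim sets, not real tokens).
SAMPLES = {
    "sub_id_only": '{"iss": "https://idp.example", '
                   '"sub_id": {"subject_type": "email", "email": "alice@example.com"}}',
    "both_known": '{"sub": "alice", '
                  '"sub_id": {"subject_type": "email", "email": "alice@example.com"}}',
    "unknown_type_with_sub": '{"sub": "alice", "sub_id": {"subject_type": '
                             '"x509_sha256_thumbprint", "x509_sha256_thumbprint": "0a1b"}}',
    "unknown_type_only": '{"sub_id": {"subject_type": "x509_sha256_thumbprint", '
                         '"x509_sha256_thumbprint": "0a1b"}}',
    "malformed_known_type": '{"sub": "alice", "sub_id": {"subject_type": "email"}}',
    "renamed_member": '{"sub_id": {"identifier_type": "phone_number", '
                      '"phone_number": "+12025550123"}}',
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        member = "identifier_type" if name == "renamed_member" else "subject_type"
        print(f"{name:24} -> {classify(text, member)}")
```

The `both_known` case is the one to watch: the resolver returns the `sub_id` subject and ignores `sub` entirely, rather than checking that the two agree, because any logic that consults both is "relying on both" and gives an attacker who controls one claim a say in the outcome.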