IETF Logo Mail Archive

Re: [Id-event] Consensus :: Single Event Syntax

Marius Scurtescu <mscurtescu@google.com> Thu, 07 December 2017 20:30 UTC

Return-Path: <mscurtescu@google.com>
X-Original-To: id-event@ietfa.amsl.com
Delivered-To: id-event@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B11421294EC for <id-event@ietfa.amsl.com>; Thu, 7 Dec 2017 12:30:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.698
X-Spam-Level:
X-Spam-Status: No, score=-2.698 tagged_above=-999 required=5 tests=[AC_DIV_BONANZA=0.001, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9PRHUzHgn6eg for <id-event@ietfa.amsl.com>; Thu, 7 Dec 2017 12:30:00 -0800 (PST)
Received: from mail-it0-x234.google.com (mail-it0-x234.google.com [IPv6:2607:f8b0:4001:c0b::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BC3B9128DF3 for <id-event@ietf.org>; Thu, 7 Dec 2017 12:29:59 -0800 (PST)
Received: by mail-it0-x234.google.com with SMTP id f190so5598ita.5 for <id-event@ietf.org>; Thu, 07 Dec 2017 12:29:59 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=0tsi0UR6OG+94zsHbzxtVrOJIxwi5rKlkuzzO1tUbcY=; b=NAqaBtUSEJRvSo9himkjQU2yG7c6pkrprJ8bbclhTdhsN3Yy4Z0EqxQ3FX0ItMbeby siwZ6OOzqX6aX/+jkPKqfWMC6YBqpVRc/pYXi5rh2Slj6CqNSX+iuCKyBCmBOP+s83e3 dKtWt+yjJXOhe8dVwqsT56xukpPURXRt+8z0ATDsDzPMAdIaCf9j3JTEau0nVu7TxDdw x9VyNXXK22HthjQzjHL9jLPcfC2623b2JyeJjQMpEkidGlIiPCsUJ3K64rOfxqwPMC3H OuO4IfWb6BPyDi8N9HMKPmgYvzI71vJZRt7G0Sgq3Oz/L3mC7nWoNHDTrKhze+cYgkiH uevg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=0tsi0UR6OG+94zsHbzxtVrOJIxwi5rKlkuzzO1tUbcY=; b=uHOMGwXneYjwk1zhXH3B8IK9h0YCpCJKm/9VMgDw4OFkhZ5gKHA/no9hP8uOpdeUdH ojTEB9EoLWpI+slP6lGDqnooI0jD8Nt/IFSdUhzu1orxi3fp5sfSdz/27nsoaRzvybm9 1BGkQRMRdhUeMOLrC/8yf0gY5N6rvtd0ve1g3dQioy/IJOeTXqt1W6FZyDkq6WEW63cf u/BCfCkpB3cVIwKjAbTcJkvmcPjtceK0YGkh/IWhXY6r6JErqjf3eLDwKGiHNIPzPhTZ nKjRkGYO56LUhuVth0JdLUklfe+MQd+ncQU7t6Boet0RyX6Xb/ey9aI8iCA6pfnnw+Ym Yqtw==
X-Gm-Message-State: AKGB3mI2kld9gQjCiUNFTCT2l2Z4XO8mwDGSJ+EqGBX90Wqyk8BZh0fr hSo2rwqqSDEfJ2cK7bzntKDIn5BHT6H3ER9RF1/xjQ==
X-Google-Smtp-Source: AGs4zMbKskyftDY2UOD298VoRD6ElPS7LPqmLhMuoGtazIDR3t3X4aw5RZhSS5LdznT/+0uLtz8HWxNH658h707VWOA=
X-Received: by 10.36.175.17 with SMTP id t17mr3208989ite.66.1512678598469; Thu, 07 Dec 2017 12:29:58 -0800 (PST)
MIME-Version: 1.0
Received: by 10.107.34.19 with HTTP; Thu, 7 Dec 2017 12:29:37 -0800 (PST)
In-Reply-To: <0A3C1B48-8459-4C62-AD21-0AD4469ED773@mit.edu>
References: <CAD9ie-s_tmCqwBh0u=89Zx7FZEUMq0-TcPY_t-3t006oTrTbmw@mail.gmail.com> <C7C5A5CC-351F-4F65-9977-19508ECF8A65@oracle.com> <BN6PR21MB0500C56E9363709A8538EED8F53E0@BN6PR21MB0500.namprd21.prod.outlook.com> <0A3C1B48-8459-4C62-AD21-0AD4469ED773@mit.edu>
From: Marius Scurtescu <mscurtescu@google.com>
Date: Thu, 07 Dec 2017 12:29:37 -0800
Message-ID: <CAGdjJp+q=SL5RWD-BGVBu=Kdo2qkbzg99XsgVeTYSt-53F5vPw@mail.gmail.com>
To: Justin Richer <jricher@mit.edu>
Cc: Mike Jones <Michael.Jones@microsoft.com>, Yaron Sheffer <yaronf.ietf@gmail.com>, Dick Hardt <dick.hardt@gmail.com>, SecEvent <id-event@ietf.org>, Phil Hunt <phil.hunt@oracle.com>
Content-Type: multipart/alternative; boundary="94eb2c198400862220055fc5eef7"
Archived-At: <https://mailarchive.ietf.org/arch/msg/id-event/JjymosomNl8fNE5kaOUvbRVcCyE>
Subject: Re: [Id-event] Consensus :: Single Event Syntax
X-BeenThere: id-event@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "A mailing list to discuss the potential solution for a common identity event messaging format and distribution system." <id-event.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/id-event>, <mailto:id-event-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/id-event/>
List-Post: <mailto:id-event@ietf.org>
List-Help: <mailto:id-event-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/id-event>, <mailto:id-event-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Dec 2017 20:30:03 -0000

+1

Marius

On Mon, Dec 4, 2017 at 11:03 AM, Justin Richer <jricher@mit.edu> wrote:

> I strongly disagree that the new draft reintroduces primary/secondary
> semantics. It instead creates a single object, the only event that the SET
> is concerned with. The “related events” grouping isn’t creating secondary
> events, it’s creating a bag for multiple “single” events to be carried
> together. There’s no primacy involved.
>
> This is highly desirable vs. the current usage.
>
>  — Justin
>
> On Dec 2, 2017, at 3:12 AM, Mike Jones <Michael.Jones@microsoft.com>
> wrote:
>
> I am strongly opposed to making a change to reintroduce a distinction
> between primary and secondary events.  This topic has been heavily
> discussed in the working group and people very clearly came down on the
> side of having no such distinction.  Annabelle’s draft needlessly
> reintroduces this distinction, with the result being a breaking change and
> making the structure more complicated, not less.  See the deeply nested
> “related events” structure inhttps://tools.ietf.org/html/
> draft-backman-secevent-token-03#section-3 to understand some of the of
> the additional complexity being proposed.
>
> The working draft already meets the needs of multiple use cases and is in
> production use.  There are not sufficient reasons to reintroduce complexity
> that was previously soundly rejected and to make wholesale design changes
> after working group last call.
>
> We should stay with what already works and complete the SET spec in a
> timely fashion.
>
>                                                                 -- Mike
>
> *From:* Id-event [mailto:id-event-bounces@ietf.org
> <id-event-bounces@ietf.org>] *On Behalf Of *Phil Hunt
> *Sent:* Friday, December 1, 2017 10:36 AM
> *To:* SecEvent <id-event@ietf.org>
> *Cc:* Yaron Sheffer <yaronf.ietf@gmail.com>; Dick Hardt <
> dick.hardt@gmail.com>
> *Subject:* Re: [Id-event] Consensus :: Single Event Syntax
>
> For historical purposes, this has been discussed twice before (once at the
> request of Annabelle).
>
> I think it would be helpful, why, after WGLC, this issue is being brought
> forward yet again. Dick has stated that Annabelle’s concern that she finds
> it difficult to implement is sufficient.  Yet, I’m not sure we are
> entertaining a new concern here. No new information was provided.
>
> I note that at the time, the chairs did not feel there was a lack of
> consensus in order to call for one in the past.
>
> On some of these matters, the choice may be arbitrary, and that is why I
> think keeping track of prior discussion is important so that we can clearly
> move forward and not repeat discussion of the past further confusing
> consensus.
>
> While I advocated for singular events as a possibility in the past, I now
> have much more stronger technical reasons for the WG draft design, which
> have strengthened rather than weakened in the past week. I will share these
> later, after the minutes have been published.
>
> On Dec 10, 2016, Yaron while reviewing the ID draft-hunt-idevent-token-07
> [1]:
>
>   * Why "events" and not "event"? We don't really have support for
>
>     multiple events. Certainly not if they are all of the same type.
>
>     The current text is confusing: "events" is not the same as "a
>
>     primary event and its extensions”.
>
> [MIKE] Reflects your earlier comment re: primary vs. extensions.  "events” is
>
> plural to reflect the fact that the attribute is multi-valued. I agree,
>
> given that only one primary event can be included, the naming is misleading.
>
>
> From later in the thread [2]:
>
>  * 2: "first value" is meaningless. JSON objects are unordered (4th
>    paragraph of RFC 7159). If order /is/ important, we could make
>    "events" into an array.
>
> *[Phil] *Yup.   How would the group like to fix this?  We could make
> “events”
> singular and have an extensions attribute to hold the extensions.  Or we
> could go to a more complex JSON structure (not personally a fan).
>
>
> *[Yaron]* I'm personally fine with a main "event" object and an
> "extensions" attribute. I can even live with "event" being called "events",
> per Mike's proposal. But the structure needs to make sense as a JSON object
> if we want it implemented.
>
>
> [PH] Thread: Should the primary event be a separate attribute?
>
> We had this broken out before. If there is sufficient desire to break it
> out again, I have no objection.
>
>
> Then following WG adoption, I re-reraised the issue after discussion with
> Annabelle draft-secevent-token-00 [3]:
>
> On this topic, following Yaron’s comments Mike Jones raised some points
> that there should be no distinction between primary events and extensions (
> https://mailarchive.ietf.org/arch/msg/id-event/0Hhg46ROcidQDLL7OnXUs88TJ9U).
> Summarizing:
> * Processors will run through all of them regardless. It is not
> necessarily helpful to understand which is a primary vs. extension
> * Let’s drop distinction between primary vs. extension. You can simply
> express one or more sets of event attributes in a single JWT
>
> My proposal is to drop this terminology in the text and keep the attribute
> multi-valued. The purpose of the attribute is to inform the reader what
> events are being asserted and what additional data may be present. It is up
> to the reader to ultimately infer meaning when one or more URIs are
> present.  Further, when multiple URIs are present it must still to make a
> combined statement about a single state change about a subject. It must not
> be used to convey multiple distinct (e.g. transactions) events about a
> subject.
>
> Assuming everyone agrees, I will plan to remove these distinctions in the
> next update with some new text. Please comment if you have concerns.
>
>
> To which Mike Jones responded [4]
>
> I believe we already had consensus to drop the primary/secondary
> distinction, which we intentionally did before adoption of the working
> group draft.  I believe any such distinction will both be unhelpful and
> result in syntactic complexity.  Please let’s finish stamping out the
> notion that any of the events in a SET are somehow different than the
> others.
>
>
> William Denniss wrote [5]:
>
> I agree with your proposal.
>
> They're all just events. Up to implementors to define & categorize their
> events how they like.
>
>
> Marius also agreed (he may have switched positions now) [6]:
>
> I also think it makes sense to remove the primary/secondary distinction.
>
> Marius
>
>
> Justin also agreed (and may have switched positions) [7]
>
> +1, drop "primary" and keep it an object
>  -- Justin
>
>
> References:
> [1] - https://www.ietf.org/mail-archive/web/id-event/current/msg00298.html
> [2] - https://www.ietf.org/mail-archive/web/id-event/current/msg00299.html
> [3] - https://www.ietf.org/mail-archive/web/id-event/current/msg00345.html
> [4] - https://www.ietf.org/mail-archive/web/id-event/current/msg00347.html
> [5] - https://www.ietf.org/mail-archive/web/id-event/current/msg00349.html
> [6] - https://www.ietf.org/mail-archive/web/id-event/current/msg00365.html
> [7] - https://www.ietf.org/mail-archive/web/id-event/current/msg00406.html
>
> Phil
>
> Oracle Corporation, Identity Cloud Services Architect
> @independentid
> www.independentid.com
> phil.hunt@oracle.com
>
>
> On Dec 1, 2017, at 8:50 AM, Dick Hardt <dick.hardt@gmail.com> wrote:
>
>
> Is it important to syntactically ensure that only one event is in a SET?
> For privacy reasons, some use cases want to ensure that only one signal is
> in a SET.
> This adds some additional complexity for use cases that want to include
> multiple signals in a SET.
> See https://tools.ietf.org/html/draft-backman-secevent-token-02
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_draft-2Dbackman-2Dsecevent-2Dtoken-2D02&d=DwMFaQ&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=na5FVzBTWmanqWNy4DpctyXPpuYqPkAI1aLcLN4KZNA&m=p986FFBYCnXfbWjoBBpAe4IarEj1m7ezmVE3DPSQzwY&s=P-rrbMomS-aMBQQ0HPfPzvNPkWHLDYs8SsugRHx-eLM&e=> for
> an proposed syntax that ensures one event per SET, and enables multiple
> events per SET when desired
>
> We will track results here: https://github.com/IETF-
> SecEvent/Drafts/issues/1
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_IETF-2DSecEvent_Drafts_issues_1&d=DwMFaQ&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=na5FVzBTWmanqWNy4DpctyXPpuYqPkAI1aLcLN4KZNA&m=p986FFBYCnXfbWjoBBpAe4IarEj1m7ezmVE3DPSQzwY&s=3f7fFs9ZKZrg1ScI3Ml2r8ykvHGuBbup831kDUNklfw&e=>
>
> Discussion to be on the mail list as usual, not in the issue tracker!
>
> /Dick
> _______________________________________________
> Id-event mailing list
> Id-event@ietf.org
> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.
> ietf.org_mailman_listinfo_id-2Devent&d=DwICAg&c=
> RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=
> na5FVzBTWmanqWNy4DpctyXPpuYqPkAI1aLcLN4KZNA&m=
> p986FFBYCnXfbWjoBBpAe4IarEj1m7ezmVE3DPSQzwY&s=YnAKATJz3qVYniVaDUIMtQb9L-
> vMocgsYARzV6axzq4&e=
>
>
> _______________________________________________
> Id-event mailing list
> Id-event@ietf.org
> https://www.ietf.org/mailman/listinfo/id-event
>
>
>
> _______________________________________________
> Id-event mailing list
> Id-event@ietf.org
> https://www.ietf.org/mailman/listinfo/id-event
>
>

v2.23.0 | Report a Bug | By Email