IETF Logo Mail Archive

Re: [Id-event] Consensus :: Single Event Syntax

Marius Scurtescu <mscurtescu@google.com> Fri, 08 December 2017 00:39 UTC

Return-Path: <mscurtescu@google.com>
X-Original-To: id-event@ietfa.amsl.com
Delivered-To: id-event@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EC03A128BBB for <id-event@ietfa.amsl.com>; Thu, 7 Dec 2017 16:39:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[AC_DIV_BONANZA=0.001, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2FEkcuuI45vW for <id-event@ietfa.amsl.com>; Thu, 7 Dec 2017 16:39:41 -0800 (PST)
Received: from mail-it0-x236.google.com (mail-it0-x236.google.com [IPv6:2607:f8b0:4001:c0b::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BDF8D128959 for <id-event@ietf.org>; Thu, 7 Dec 2017 16:39:40 -0800 (PST)
Received: by mail-it0-x236.google.com with SMTP id z6so1356249iti.4 for <id-event@ietf.org>; Thu, 07 Dec 2017 16:39:40 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=Zz8ud1ehkoQmqFW0L9vA/XVxF9L8fMe2y5ETvdy7zgE=; b=ioGKvlRIv66utkSRMO391hmw+4M5SDEPfRh7GnivrjYKAUHNEAzuYq/LglAhSx4Odf 6bqov+St6NQNDM0gaumICrw/V1yK2sYu9YviSl8Qd3RziFXoSZ+u7oHfD0mcW85AHUQ4 becMwTlYmRkMala5qU3+C3mCJBM/qG/1/gzwIENP4CG5VgoneLJXqyBuPgkaDR64Q6Ug cyDnnWOgbiNA5Q+rxEr3LSSD94s9KXXms5T/BlR1tJ87OtyhqGEMVudz67j2Yyl+3MPp 9G1P3nGNtL1qzlywdC1ea8OiQHQJa4BAqgV8/kMTDGOBUY9WYGaO0s3TobhfOTp3phSG 5r4Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=Zz8ud1ehkoQmqFW0L9vA/XVxF9L8fMe2y5ETvdy7zgE=; b=WoeDJp8X39ycMfARBFRZ/GKHx8r7w7Gv2TqbSd5rz4C3w2OyWyUuUK2wTWLWH5OhXC HEMNI3owNuvGM9QYYtmgu9/872U7MgU4gTOZcv0RhCl1XroPH+6arEollrrIJltdbBmr rJ5B0MsrCpmN/hsiWLoOtZOVD4Xs/pvcw0dpR+m7YWt6ed2TgTzNgMdfhhMntdEZ0wKu CvC6bkaBJLkKirVgIPO5lwsh+jxUXQ0Ekd/rDlYtsYX9CP0E+cGtpbCQxUh9ldrooP0R 0g+bTsqqPZSDTWO5TpewFGXGAzJ21P0flgS61J7TI0jPsHIrv+w99Bq5DZak8WUF0CQ4 m/EQ==
X-Gm-Message-State: AJaThX5goSNL0sCIwL5yxVbYqonvxXIRNkxjdQ/CrbCm2pRm/09NiirF 2dfvryiBPgrsXhDZbKvpO/y3oVfXQSq3eK63+M/GEg==
X-Google-Smtp-Source: AGs4zMbUCI/mbKzCQ6pxYgTsaT1tE96aV4bAK79mO9/HHhA8WMOo2kPp8L/YrrVcOJkWcDXLem0YA0WF7zRY2+jk5Go=
X-Received: by 10.107.183.76 with SMTP id h73mr40447936iof.154.1512693579490; Thu, 07 Dec 2017 16:39:39 -0800 (PST)
MIME-Version: 1.0
Received: by 10.107.34.19 with HTTP; Thu, 7 Dec 2017 16:39:18 -0800 (PST)
In-Reply-To: <BN6PR21MB0500C56E9363709A8538EED8F53E0@BN6PR21MB0500.namprd21.prod.outlook.com>
References: <CAD9ie-s_tmCqwBh0u=89Zx7FZEUMq0-TcPY_t-3t006oTrTbmw@mail.gmail.com> <C7C5A5CC-351F-4F65-9977-19508ECF8A65@oracle.com> <BN6PR21MB0500C56E9363709A8538EED8F53E0@BN6PR21MB0500.namprd21.prod.outlook.com>
From: Marius Scurtescu <mscurtescu@google.com>
Date: Thu, 07 Dec 2017 16:39:18 -0800
Message-ID: <CAGdjJp+B-qRQpXjqnVHY5ek9kmsRQeJZS6AA19YiWEFaMK1Grg@mail.gmail.com>
To: Mike Jones <Michael.Jones@microsoft.com>
Cc: Phil Hunt <phil.hunt@oracle.com>, SecEvent <id-event@ietf.org>, Yaron Sheffer <yaronf.ietf@gmail.com>, Dick Hardt <dick.hardt@gmail.com>
Content-Type: multipart/alternative; boundary="94eb2c0b9e3a76567f055fc96bea"
Archived-At: <https://mailarchive.ietf.org/arch/msg/id-event/JpGxOhnYqFceMJJiuZxdAAWjqdg>
Subject: Re: [Id-event] Consensus :: Single Event Syntax
X-BeenThere: id-event@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "A mailing list to discuss the potential solution for a common identity event messaging format and distribution system." <id-event.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/id-event>, <mailto:id-event-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/id-event/>
List-Post: <mailto:id-event@ietf.org>
List-Help: <mailto:id-event-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/id-event>, <mailto:id-event-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Dec 2017 00:39:44 -0000

On Fri, Dec 1, 2017 at 7:12 PM, Mike Jones <Michael.Jones@microsoft.com>
wrote:

> I am strongly opposed to making a change to reintroduce a distinction
> between primary and secondary events.  This topic has been heavily
> discussed in the working group and people very clearly came down on the
> side of having no such distinction.  Annabelle’s draft needlessly
> reintroduces this distinction, with the result being a breaking change and
> making the structure more complicated, not less.  See the deeply nested
> “related events” structure in https://tools.ietf.org/html/
> draft-backman-secevent-token-03#section-3 to understand some of the of
> the additional complexity being proposed.
>
>
>
> The working draft already meets the needs of multiple use cases and is in
> production use.  There are not sufficient reasons to reintroduce complexity
> that was previously soundly rejected and to make wholesale design changes
> after working group last call.
>

It meets the need of some use cases. It does not meet the use case put
forward by Tony Nadalin for example.

Regarding production use. We are getting implementation feedback and we are
wholesale refusing it because there is some minor production usage already?
We should not be reckless breaking existing usage, I totally agree, but we
cannot argue for a weaker spec simply because there is usage of an early
draft.

Again, I am really surprised by this total refusal to address
implementation feedback. Isn't this supposed to be normal part of the
process?



>
> We should stay with what already works and complete the SET spec in a
> timely fashion.
>

How about: we should all collaborate on creating the best speck we can and
consider all implementation feedback?


>
>                                                                 -- Mike
>
>
>
> *From:* Id-event [mailto:id-event-bounces@ietf.org
> <id-event-bounces@ietf.org>] *On Behalf Of *Phil Hunt
> *Sent:* Friday, December 1, 2017 10:36 AM
> *To:* SecEvent <id-event@ietf.org>
> *Cc:* Yaron Sheffer <yaronf.ietf@gmail.com>; Dick Hardt <
> dick.hardt@gmail.com>
> *Subject:* Re: [Id-event] Consensus :: Single Event Syntax
>
>
>
> For historical purposes, this has been discussed twice before (once at the
> request of Annabelle).
>
>
>
> I think it would be helpful, why, after WGLC, this issue is being brought
> forward yet again. Dick has stated that Annabelle’s concern that she finds
> it difficult to implement is sufficient.  Yet, I’m not sure we are
> entertaining a new concern here. No new information was provided.
>
>
>
> I note that at the time, the chairs did not feel there was a lack of
> consensus in order to call for one in the past.
>
>
>
> On some of these matters, the choice may be arbitrary, and that is why I
> think keeping track of prior discussion is important so that we can clearly
> move forward and not repeat discussion of the past further confusing
> consensus.
>
>
>
> While I advocated for singular events as a possibility in the past, I now
> have much more stronger technical reasons for the WG draft design, which
> have strengthened rather than weakened in the past week. I will share these
> later, after the minutes have been published.
>
>
>
> On Dec 10, 2016, Yaron while reviewing the ID draft-hunt-idevent-token-07
> [1]:
>
>   * Why "events" and not "event"? We don't really have support for
>
>     multiple events. Certainly not if they are all of the same type.
>
>     The current text is confusing: "events" is not the same as "a
>
>     primary event and its extensions”.
>
> [MIKE] Reflects your earlier comment re: primary vs. extensions.  "events” is
>
> plural to reflect the fact that the attribute is multi-valued. I agree,
>
> given that only one primary event can be included, the naming is misleading.
>
>
>
> From later in the thread [2]:
>
>  * 2: "first value" is meaningless. JSON objects are unordered (4th
>    paragraph of RFC 7159). If order /is/ important, we could make
>    "events" into an array.
>
> *[Phil] *Yup.   How would the group like to fix this?  We could make
> “events”
> singular and have an extensions attribute to hold the extensions.  Or we
> could go to a more complex JSON structure (not personally a fan).
>
>
> *[Yaron]* I'm personally fine with a main "event" object and an
> "extensions" attribute. I can even live with "event" being called "events",
> per Mike's proposal. But the structure needs to make sense as a JSON object
> if we want it implemented.
>
>
>
> [PH] Thread: Should the primary event be a separate attribute?
>
>
>
> We had this broken out before. If there is sufficient desire to break it
> out again, I have no objection.
>
>
>
> Then following WG adoption, I re-reraised the issue after discussion with
> Annabelle draft-secevent-token-00 [3]:
>
> On this topic, following Yaron’s comments Mike Jones raised some points
> that there should be no distinction between primary events and extensions (
> https://mailarchive.ietf.org/arch/msg/id-event/0Hhg46ROcidQDLL7OnXUs88TJ9U).
>  Summarizing:
>
> * Processors will run through all of them regardless. It is not
> necessarily helpful to understand which is a primary vs. extension
>
> * Let’s drop distinction between primary vs. extension. You can simply
> express one or more sets of event attributes in a single JWT
>
>
>
> My proposal is to drop this terminology in the text and keep the attribute
> multi-valued. The purpose of the attribute is to inform the reader what
> events are being asserted and what additional data may be present. It is up
> to the reader to ultimately infer meaning when one or more URIs are
> present.  Further, when multiple URIs are present it must still to make a
> combined statement about a single state change about a subject. It must not
> be used to convey multiple distinct (e.g. transactions) events about a
> subject.
>
>
>
> Assuming everyone agrees, I will plan to remove these distinctions in the
> next update with some new text. Please comment if you have concerns.
>
>
>
> To which Mike Jones responded [4]
>
> I believe we already had consensus to drop the primary/secondary
> distinction, which we intentionally did before adoption of the working
> group draft.  I believe any such distinction will both be unhelpful and
> result in syntactic complexity.  Please let’s finish stamping out the
> notion that any of the events in a SET are somehow different than the
> others.
>
>
>
> William Denniss wrote [5]:
>
> I agree with your proposal.
>
>
>
> They're all just events. Up to implementors to define & categorize their
> events how they like.
>
>
>
> Marius also agreed (he may have switched positions now) [6]:
>
> I also think it makes sense to remove the primary/secondary distinction.
>
>
> Marius
>
>
>
> Justin also agreed (and may have switched positions) [7]
>
> +1, drop "primary" and keep it an object
>
>  -- Justin
>
>
>
> References:
>
> [1] - https://www.ietf.org/mail-archive/web/id-event/current/msg00298.html
>
> [2] - https://www.ietf.org/mail-archive/web/id-event/current/msg00299.html
>
> [3] - https://www.ietf.org/mail-archive/web/id-event/current/msg00345.html
>
> [4] - https://www.ietf.org/mail-archive/web/id-event/current/msg00347.html
>
> [5] - https://www.ietf.org/mail-archive/web/id-event/current/msg00349.html
>
> [6] - https://www.ietf.org/mail-archive/web/id-event/current/msg00365.html
>
> [7] - https://www.ietf.org/mail-archive/web/id-event/current/msg00406.html
>
>
>
> Phil
>
>
>
> Oracle Corporation, Identity Cloud Services Architect
>
> @independentid
>
> www.independentid.com
>
> phil.hunt@oracle.com
>
>
>
> On Dec 1, 2017, at 8:50 AM, Dick Hardt <dick.hardt@gmail.com> wrote:
>
>
>
> Is it important to syntactically ensure that only one event is in a SET?
> For privacy reasons, some use cases want to ensure that only one signal is
> in a SET.
> This adds some additional complexity for use cases that want to include
> multiple signals in a SET.
>
> See https://tools.ietf.org/html/draft-backman-secevent-token-02
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_draft-2Dbackman-2Dsecevent-2Dtoken-2D02&d=DwMFaQ&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=na5FVzBTWmanqWNy4DpctyXPpuYqPkAI1aLcLN4KZNA&m=p986FFBYCnXfbWjoBBpAe4IarEj1m7ezmVE3DPSQzwY&s=P-rrbMomS-aMBQQ0HPfPzvNPkWHLDYs8SsugRHx-eLM&e=> for
> an proposed syntax that ensures one event per SET, and enables multiple
> events per SET when desired
>
>
>
> We will track results here: https://github.com/IETF-
> SecEvent/Drafts/issues/1
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_IETF-2DSecEvent_Drafts_issues_1&d=DwMFaQ&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=na5FVzBTWmanqWNy4DpctyXPpuYqPkAI1aLcLN4KZNA&m=p986FFBYCnXfbWjoBBpAe4IarEj1m7ezmVE3DPSQzwY&s=3f7fFs9ZKZrg1ScI3Ml2r8ykvHGuBbup831kDUNklfw&e=>
>
>
>
> Discussion to be on the mail list as usual, not in the issue tracker!
>
>
>
> /Dick
>
> _______________________________________________
> Id-event mailing list
> Id-event@ietf.org
> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.
> ietf.org_mailman_listinfo_id-2Devent&d=DwICAg&c=
> RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=
> na5FVzBTWmanqWNy4DpctyXPpuYqPkAI1aLcLN4KZNA&m=
> p986FFBYCnXfbWjoBBpAe4IarEj1m7ezmVE3DPSQzwY&s=YnAKATJz3qVYniVaDUIMtQb9L-
> vMocgsYARzV6axzq4&e=
>
>
>
> _______________________________________________
> Id-event mailing list
> Id-event@ietf.org
> https://www.ietf.org/mailman/listinfo/id-event
>
>

v2.23.0 | Report a Bug | By Email