Re: [Id-event] I-D Action: draft-ietf-secevent-delivery-00.txt (and Verify Event)

Marius Scurtescu <mscurtescu@google.com> Tue, 01 August 2017 19:17 UTC

In-Reply-To: <CY4PR21MB05040488261E57DA81923E5AF5B20@CY4PR21MB0504.namprd21.prod.outlook.com>
References: <150130555312.20751.6664832712498006194@ietfa.amsl.com> <FE9A1FB8-0DC5-48F6-853F-6E1733DA5A5B@oracle.com> <f5782aca-d71e-0f98-b7a3-4f03ae289540@gmail.com> <CY4PR21MB05040488261E57DA81923E5AF5B20@CY4PR21MB0504.namprd21.prod.outlook.com>
From: Marius Scurtescu <mscurtescu@google.com>
Date: Tue, 01 Aug 2017 21:17:29 +0200
Message-ID: <CAGdjJpLmgQS_7y77_gP5R-aUPKvTk7V0hykoQdBAzhXDK+wZ+g@mail.gmail.com>
To: Mike Jones <Michael.Jones@microsoft.com>
Cc: Yaron Sheffer <yaronf.ietf@gmail.com>, Phil Hunt <phil.hunt@oracle.com>, ID Events Mailing List <id-event@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/id-event/M6UJp7fcoyjexVJRfQHuGwxz6NU>

+1 for what Mike said

The reason we suggested that the Verification event definition is moved to
the management API draft (aka control plane draft) is because that draft
defines the API to trigger one of these events. I think it would help to
have both the event definition and the triggering mechanism in the same
draft.

Marius

On Mon, Jul 31, 2017 at 9:05 PM, Mike Jones <Michael.Jones@microsoft.com>
wrote:

> I am strongly opposed to defining a normative event in the SET spec, as it
> would be a layering violation.  The purpose of the SET spec is to define
> syntax and semantics that applies to *all* SETs.
>
> The purpose of defining specific events is to meet the needs of a
> particular event profile for a particular class of applications.  Any
> normative event definition would have to meet all the Requirements for SET
> Profiles (as described at https://tools.ietf.org/html/draft-ietf-secevent-token-02#section-3),
> including defining the key
> management discipline for that event's profile.  (As Leif discussed in
> Prague, even for identity scenarios, there are numerous potential key
> management strategies, some depending upon Web PKI and some not.)  Adding
> all this to the SET spec would be a confusing distraction.  Among other
> things, it would raise the mostly unanswerable question "Why is this event
> more special than others?".
>
>                                 -- Mike
>
> -----Original Message-----
> From: Id-event [mailto:id-event-bounces@ietf.org] On Behalf Of Yaron
> Sheffer
> Sent: Monday, July 31, 2017 9:42 AM
> To: Phil Hunt <phil.hunt@oracle.com>; ID Events Mailing List <
> id-event@ietf.org>
> Cc: Marius Scurtescu <mscurtescu@google.com>
> Subject: Re: [Id-event] I-D Action: draft-ietf-secevent-delivery-00.txt
> (and Verify Event)
>
> Hi Phil,
>
>  From a procedural point of view (not taking any stand on whether this is
> a good change or not), the SET draft is absolutely open to changes.
> At most, we might decide that there've been too many changes and will call
> for a second WGLC at some point. Not a big deal.
>
> Thanks,
>         Yaron
>
> On 31/07/17 19:20, Phil Hunt wrote:
> > As requested by Yaron, I have posted the delivery draft unchanged as
> > the WG draft.
> >
> > Marius made a suggestion that as per discussion in Prague that the
> > Verify Event be removed from the Delivery draft and potentially placed
> > in an upcoming control plane draft (to be proposed).
> >
> > After some thinking, I propose the Verify Event be placed into the SET
> > Token draft. It would actually be a good thing to have at least one
> > “normative” event defined in SET Token.
> >
> > If the group is agreeable, I am happy to propose some modified Verify
> > Event definition text to move into the SET Token spec.  Note: SET
> > Token is or is about to be WGLC.  Chairs: Can we consider this?
> >
> > I would suggest we only move Verify to Control Plane if there is a
> > specific reason (e.g. distinct or separate use cases that may be
> > specific to some profiles) why it is better suited there.
> >
> > If there is no objection, I will:
> > * Remove the Verify Event from the Delivery Spec on its next regular
> > update
> > * Update SET Token Spec with Verify Event, subject to guidance in
> > regards to WGLC.
> >
> > Phil
> >
> > Oracle Corporation, Identity Cloud Services Architect & Standards
> > @independentid www.independentid.com <http://www.independentid.com>
> > phil.hunt@oracle.com <mailto:phil.hunt@oracle.com>
> >
> >> On Jul 28, 2017, at 10:19 PM, internet-drafts@ietf.org
> >> <mailto:internet-drafts@ietf.org> wrote:
> >>
> >>
> >> A New Internet-Draft is available from the on-line Internet-Drafts
> >> directories.
> >> This draft is a work item of the Security Events WG of the IETF.
> >>
> >>        Title           : SET Token Delivery Using HTTP
> >>        Authors         : Phil Hunt
> >>                          Marius Scurtescu
> >>                          Morteza Ansari
> >>                          Anthony Nadalin
> >>                          Annabelle Richard Backman
> >> Filename        : draft-ietf-secevent-delivery-00.txt
> >> Pages           : 28
> >> Date            : 2017-07-28
> >>
> >> Abstract:
> >>   This specification defines how a series of security event tokens
> >>   (SETs) may be delivered to a previously registered receiver using
> >>   HTTP POST over TLS initiated as a push to the receiver, or as a poll
> >>   by the receiver.  The specification also defines how delivery can be
> >>   assured subject to the SET Token Receiver's need for assurance.
> >>
> >>
> >> The IETF datatracker status page for this draft is:
> >> https://datatracker.ietf.org/doc/draft-ietf-secevent-delivery/
> >>
> >>
> >> There are also htmlized versions available at:
> >> https://tools.ietf.org/html/draft-ietf-secevent-delivery-00
> >>
> >> https://datatracker.ietf.org/doc/html/draft-ietf-secevent-delivery-00
> >>
> >>
> >>
> >> Please note that it may take a couple of minutes from the time of
> >> submission until the htmlized version and diff are available at
> >> tools.ietf.org <http://tools.ietf.org>.
> >>
> >> Internet-Drafts are also available by anonymous FTP at:
> >> ftp://ftp.ietf.org/internet-drafts/
> >>
> >>
> >> _______________________________________________
> >> Id-event mailing list
> >> Id-event@ietf.org <mailto:Id-event@ietf.org>
> >> https://www.ietf.org/mailman/listinfo/id-event
> >>
> >
>