Re: [Id-event] RFC 9493 on Subject Identifiers for Security Event Tokens

Brian Campbell <bcampbell@pingidentity.com> Tue, 12 December 2023 16:27 UTC

From: Brian Campbell <bcampbell@pingidentity.com>
Date: Tue, 12 Dec 2023 09:26:16 -0700
Message-ID: <CA+k3eCTGy4zMT-Yh5jSRarqUsw7rBCS8A4UqF1KgMmcXnsyO3Q@mail.gmail.com>
To: Atul Tulshibagwale <atul@sgnl.ai>
Cc: Yaron Sheffer <yaronf.ietf@gmail.com>, Prachi Jain <prachi.jain1288@gmail.com>, id-event@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/id-event/WrjlVTF1H5kWH2KOELr_BnXZH00>

I'd concur with Atul here and suggest the errata should be verified and, if
possible, the title in the registry updated accordingly.

On Mon, Dec 11, 2023 at 3:32 PM Atul Tulshibagwale <atul@sgnl.ai> wrote:

> Hi Yaron,
> I believe it is an error, because what is described in the RFC is not
> "Security Event Identifiers", they are "Subject Identifiers" within
> Security Event Tokens.
>
> I agree that the content of the registry matters more, but I am writing a
> draft that relies on this RFC and this registry in particular. It uses the
> same Subject Identifier formats, but not within SETs, and the API I'm
> defining in my draft has nothing to do with Security Events. Therefore it
> becomes confusing to the readers of my draft to be referencing an IANA
> registry named "Security Event Identifier Format Registry".
>
> I've filed an errata now: https://www.rfc-editor.org/errata/eid7727. I'm
> happy to discuss with the WG.
>
> Thanks,
> Atul
>
>
> On Mon, Dec 11, 2023 at 1:51 PM Yaron Sheffer <yaronf.ietf@gmail.com>
> wrote:
>
>> Hi Atul,
>>
>>
>>
>> I am personally on the fence here because the original context is
>> identifiers used in security events. See the RFC’s Introduction, where we
>> start with security events and then slowly broaden the scope. However, if
>> you think this is in error and should be fixed, feel free to file an errata
>> [1] and we will discuss it.
>>
>>
>>
>> Ultimately what counts is the IANA registry [2] and whether it is
>> comprehensible and useful.
>>
>>
>>
>> Thanks,
>>
>>                 Yaron
>>
>>
>>
>> [1] https://www.rfc-editor.org/errata.php#reportnew
>>
>> [2] https://www.iana.org/assignments/secevent/secevent.xhtml
>>
>>
>>
>> *From: *Atul Tulshibagwale <atul@sgnl.ai>
>> *Date: *Monday, 11 December 2023 at 21:54
>> *To: *Prachi Jain <prachi.jain1288@gmail.com>
>> *Cc: *Yaron Sheffer <yaronf.ietf@gmail.com>, <id-event@ietf.org>
>> *Subject: *Re: [Id-event] RFC 9493 on Subject Identifiers for Security
>> Event Tokens
>>
>>
>>
>> Thanks Yaron,
>>
>>
>>
>> I think I discovered an issue with the spec, just as I was trying to
>> refer to it:
>>
>>
>>
>> Section 8.1 is named "Security Event Identifier Formats Registry". Should
>> it be named "Subject Identifier Formats Registry"? There are a few more
>> changes that will flow from there, if this is considered to be an error.
>>
>>
>>
>> Atul
>>
>>
>>
>>
>>
>> On Thu, Dec 7, 2023 at 3:51 AM Prachi Jain <prachi.jain1288@gmail.com>
>> wrote:
>>
>> Thanks Yaron. Truly appreciate the guidance and support in getting this
>> past the finish line.
>>
>>
>>
>> On Thu, Dec 7, 2023 at 5:04 AM Yaron Sheffer <yaronf.ietf@gmail.com>
>> wrote:
>>
>> Congratulations on this last deliverable of the Security Events working
>> group. Thanks to Annabelle and Prachi who drove this document to completion!
>>
>>         Yaron
>>
>> On 07/12/2023, 3:06, "id-event-bounces@ietf.org on behalf of
>> rfc-editor@rfc-editor.org" wrote:
>>
>>
>> A new Request for Comments is now available in online RFC libraries.
>>
>>
>>
>>
>> RFC 9493
>>
>>
>> Title: Subject Identifiers for Security Event Tokens
>> Author: A. Backman, Ed.,
>> M. Scurtescu,
>> P. Jain
>> Status: Standards Track
>> Stream: IETF
>> Date: December 2023
>> Mailbox: richanna@amazon.com,
>> marius.scurtescu@coinbase.com,
>> prachi.jain1288@gmail.com
>> Pages: 18
>> Updates/Obsoletes/SeeAlso: None
>>
>>
>> I-D Tag: draft-ietf-secevent-subject-identifiers-18.txt
>>
>>
>> URL: https://www.rfc-editor.org/info/rfc9493
>>
>>
>> DOI: 10.17487/RFC9493
>>
>>
>> Security events communicated within Security Event Tokens may support
>> a variety of identifiers to identify subjects related to the event.
>> This specification formalizes the notion of Subject Identifiers as
>> structured information that describes a subject and named formats
>> that define the syntax and semantics for encoding Subject Identifiers
>> as JSON objects. It also establishes a registry for defining and
>> allocating names for such formats as well as the JSON Web Token (JWT)
>> "sub_id" Claim.
>>
>>
>> This document is a product of the Security Events Working Group of the
>> IETF.
>>
>>
>> This is now a Proposed Standard.
>>
>>
>> STANDARDS TRACK: This document specifies an Internet Standards Track
>> protocol for the Internet community, and requests discussion and
>> suggestions for improvements. Please refer to the current edition of the
>> Official Internet Protocol Standards (https://www.rfc-editor.org/standards)
>> for the standardization state and status of this protocol. Distribution of
>> this memo is unlimited.
>>
>>
>> This announcement is sent to the IETF-Announce and rfc-dist lists.
>> To subscribe or unsubscribe, see
>> https://www.ietf.org/mailman/listinfo/ietf-announce
>> https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist
>>
>>
>> For searching the RFC series, see https://www.rfc-editor.org/search
>> For downloading RFCs, see https://www.rfc-editor.org/retrieve/bulk
>>
>>
>> Requests for special distribution should be addressed to either the
>> author of the RFC in question, or to rfc-editor@rfc-editor.org. Unless
>> specifically noted otherwise on the RFC itself, all RFCs are for
>> unlimited distribution.
>>
>>
>>
>>
>> The RFC Editor Team
>> Association Management Solutions, LLC
>>
>>
>> _______________________________________________
>> Id-event mailing list
>> Id-event@ietf.org
>> https://www.ietf.org/mailman/listinfo/id-event
>>
>>
>>
>>
