[Id-event] Subject categories

Atul Tulshibagwale <atultulshi@google.com> Wed, 19 August 2020 18:05 UTC

From: Atul Tulshibagwale <atultulshi@google.com>
Date: Wed, 19 Aug 2020 11:05:01 -0700
Message-ID: <CAMCkG5sj7wQPHLRwmV1TTWA+r=Fgyz5pSOA3dUwurVEdTa-o_Q@mail.gmail.com>
To: Openid-specs-risc <openid-specs-risc@lists.openid.net>
Cc: SecEvent <id-event@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/id-event/cibBLqdRVM_hcn6wCE3gj1Pb8i0>
Subject: [Id-event] Subject categories

Hi all,
As agreed on the SSE call yesterday, I'd like to present a use-case where I
believe subject categories within a subject identifier are useful. I
encourage others to also send such emails in advance of the call next
Tuesday, so that there's more clarity on the viewpoints and use-cases.

My use case:
Say an SSE Transmitter wants to signal that the authentication for a certain
user on a certain device has weakened (due to some change initiated,
observed or inferred by the transmitter). The user may have authenticated
to many devices, and one device may have sessions for multiple users.

In this case, the possibilities for conveying such information through an
event are:

   1. Include two subject identifiers in a single event. The SSE spec can
   define that when multiple subjects are present within the same event, the
   subject is identified as an "AND" of all such subject identifiers. This was
   a point of confusion in yesterday's call, but I believe this can be
   clarified in the specification and will not be a point of confusion once
   clarified. Each subject identifier specifies the category that it applies
   to (i.e., one subject identifier is for the user category and another for
   the device category).
   2. Define the "authentication status change" event such that it can take
   multiple optional fields. A field can be "user", another can be "device".

Sending multiple events, one with a user subject and another with a device
subject is not really a choice because it will mean the first event applies
to everywhere the user is logged in to, and the second event applies to all
users logged into the device.

Having the subject category will help if the user is identified by the
subject identifier type "phone number", to clarify that the subject refers
to the user and not the device.

Option 1 is better because it is independent of the event type. Processing
multiple subject identifiers with well-defined combination semantics will
help identify subjects that the event applies to in advance of processing
the specific event.

Option 2 intertwines the logic of event processing with subject
identification and can cause an implementer to have more code that differs
slightly in handling each event that has multiple subject possibilities.

Atul
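Option 1 worked through as an added example, not code from the email or from any SSE or SecEvent specification: a constructed SET payload carries a categorised user subject and device subject, and receiver-side logic applies the proposed AND semantics across them, so only the session matching both subjects is affected. The `subjects` array and `category` member are hypothetical names; `phone_number` and `iss_sub` with `subject_type` follow the subject identifier draft formats of the time and are an assumption here.

```python
import json

# Constructed SET payload (not from the email or any spec). One event carries
# two subject identifiers, each tagged with a hypothetical "category" member.
# The phone number identifies the user, not the device, only because its
# category says so.
EVENT_JSON = """
{
  "iss": "https://transmitter.example",
  "jti": "evt-0001",
  "iat": 1597860301,
  "aud": "https://receiver.example",
  "events": {
    "https://schemas.example/event/authentication-weakened": {
      "subjects": [
        {"category": "user", "subject_type": "phone_number", "phone_number": "+15551234567"},
        {"category": "device", "subject_type": "iss_sub", "iss": "https://transmitter.example", "sub": "dev-42"}
      ]
    }
  }
}
"""

# Constructed receiver-side session table: which user is logged in on which device.
SESSIONS = [
    {"sid": "s1", "user_phone": "+15551234567", "device": "dev-42"},
    {"sid": "s2", "user_phone": "+15551234567", "device": "dev-99"},  # same user, other device
    {"sid": "s3", "user_phone": "+15559876543", "device": "dev-42"},  # other user, same device
]


def subject_matches(subject, session):
    """Match one categorised subject identifier against a session record."""
    cat = subject["category"]
    if cat == "user" and subject["subject_type"] == "phone_number":
        return session["user_phone"] == subject["phone_number"]
    if cat == "device" and subject["subject_type"] == "iss_sub":
        return session["device"] == subject["sub"]
    raise ValueError(f"unsupported subject: {subject}")


def affected_sessions(event_json, sessions, combine_and=True):
    """Return the session ids the event applies to. combine_and=True is the AND
    semantics proposed in the email; False treats the subjects like two separate
    events (OR), which over-applies to every session of the user or device."""
    payload = json.loads(event_json)
    (event,) = payload["events"].values()
    combine = all if combine_and else any
    return [s["sid"] for s in sessions
            if combine(subject_matches(sub, s) for sub in event["subjects"])]
```

With AND semantics only `s1` is affected; the OR variant shows why sending two separate events would also hit `s2` and `s3`.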