Re: [Id-event] New Version Notification for draft-ietf-secevent-subject-identifiers-06.txt
Tim Cappalli <Tim.Cappalli@microsoft.com> Wed, 23 September 2020 17:22 UTC
+1 to identifier_type

________________________________
From: Id-event <id-event-bounces@ietf.org> on behalf of Yaron Sheffer <yaronf.ietf@gmail.com>
Sent: Wednesday, September 23, 2020 03:07
To: Richard Backman, Annabelle <richanna=40amazon.com@dmarc.ietf.org>; id-event@ietf.org <id-event@ietf.org>
Cc: Marius Scurtescu <marius.scurtescu@coinbase.com>
Subject: Re: [Id-event] New Version Notification for draft-ietf-secevent-subject-identifiers-06.txt

I don’t know if it’s a “grave error”, but “identifier_type” would be a much better choice.

Thanks,
	Yaron

From: Id-event <id-event-bounces@ietf.org> on behalf of "Richard Backman, Annabelle" <richanna=40amazon.com@dmarc.ietf.org>
Date: Wednesday, September 23, 2020 at 03:37
To: "id-event@ietf.org" <id-event@ietf.org>
Cc: Marius Scurtescu <marius.scurtescu@coinbase.com>
Subject: Re: [Id-event] New Version Notification for draft-ietf-secevent-subject-identifiers-06.txt

Hello Security Events working group,

A couple weeks ago I published this update to the Subject Identifiers draft based on feedback from the recent email discussions. Unfortunately I failed to notice that a notification of the update did not go out to the working group mailing list – sorry about that!

In addition to various editorial fixes, I made a few more substantial edits based on working group feedback:

1. Expanded the introduction section with several examples of subject identifiers in use, and a section describing the difference between a subject identifier type – the type of identifier used to identify a subject, e.g., email address, phone number, SHA-256 thumbprint – and a subject type – the type of thing your subject principal is, e.g., user, group, server.
   * In making these changes, I realized I made a grave error in naming the type member “subject_type”. I did not change its name in this draft, as I wanted to discuss this on list before doing so.
2. Removed the word “claim” except when used in reference to a JWT claim.
   * Noticed while writing this that I missed a couple uses in the abstract. Oops.
3. Introduced some normative requirements around the use of both `sub` and `sub_id` in the same JWT: "implementations MUST NOT rely on both claims to determine the subject,” though falling back to one if the other isn’t understood (e.g., sub_id has an unknown subject identifier type) is allowed.
4. Added security considerations. Interested in feedback on this. The security considerations really depend on the context in which subject identifiers are used, so I’m trying to strike a balance between referencing likely relevant considerations and providing useful information without copying in a bunch of content that may or may not apply.

–
Annabelle Backman (she/her)
AWS Identity
https://aws.amazon.com/identity/

On Sep 4, 2020, at 6:34 PM, internet-drafts@ietf.org <mailto:internet-drafts@ietf.org> wrote:

A new version of I-D, draft-ietf-secevent-subject-identifiers-06.txt
has been successfully submitted by Annabelle Backman and posted to the
IETF repository.

Name:           draft-ietf-secevent-subject-identifiers
Revision:       06
Title:          Subject Identifiers for Security Event Tokens
Document date:  2020-09-04
Group:          Individual Submission
Pages:          19
URL:            https://www.ietf.org/id/draft-ietf-secevent-subject-identifiers-06.txt
Status:         https://datatracker.ietf.org/doc/draft-ietf-secevent-subject-identifiers/
Htmlized:       https://datatracker.ietf.org/doc/html/draft-ietf-secevent-subject-identifiers
Htmlized:       https://tools.ietf.org/html/draft-ietf-secevent-subject-identifiers-06
Diff:           https://www.ietf.org/rfcdiff?url2=draft-ietf-secevent-subject-identifiers-06

Abstract:
   Security events communicated within Security Event Tokens may support
   a variety of identifiers to identify the subject and/or other
   principals related to the event. This specification formalizes the
   notion of subject identifiers as named sets of well-defined claims
   describing the subject, a mechanism for representing subject
   identifiers within a JSON object such as a JSON Web Token (JWT) or
   Security Event Token (SET), and a registry for defining and
   allocating names for these claim sets.

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat
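The `sub` / `sub_id` rule Annabelle describes in the quoted message (a receiver must not combine both claims to determine the subject, but may fall back to one when the other is not understood, e.g. when `sub_id` carries an unknown subject identifier type), worked through as an added example. This is not code from the thread, the draft or its authors. It assumes the draft -06 member name `subject_type` for the identifier type, assumes that the `email` and `phone_number` identifier types carry their value in a member of the same name, and assumes that the token's signature has already been verified before these functions see the claims; the token and claims below are constructed for the example.

```python
"""Resolve the subject of a JWT / SET that may carry `sub`, `sub_id` or both.

Added example for the `sub` / `sub_id` rule discussed on the list; not code from
the draft or its authors. Signature verification is assumed to have been done
before any claims are trusted.
"""
import base64
import json
from typing import Optional, Tuple

# Identifier types this hypothetical receiver understands, mapped to the member
# that carries the value. Assumed to follow the draft's email / phone_number
# examples; a real receiver would fill this from the registry the draft defines.
KNOWN_IDENTIFIER_TYPES = {
    "email": "email",
    "phone_number": "phone_number",
}

# Member naming the identifier type in draft -06 (the thread proposes renaming it
# to `identifier_type`, so it is kept in one place here).
TYPE_MEMBER = "subject_type"


class SubjectError(ValueError):
    """Raised when the token does not identify a usable subject."""


def _b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwt_claims(token: str) -> dict:
    """Return the payload of a compact JWS; the signature segment is not checked here."""
    parts = token.split(".")
    if len(parts) != 3:
        raise SubjectError("not a compact JWS")
    claims = json.loads(_b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise SubjectError("JWT payload is not a JSON object")
    return claims


def parse_subject_identifier(sub_id) -> Optional[Tuple[str, str]]:
    """Return (identifier_type, value) if the type is understood, else None.

    An unknown type is not an error: the caller is allowed to fall back to `sub`.
    A known type whose value member is missing or malformed IS an error.
    """
    if not isinstance(sub_id, dict):
        raise SubjectError("sub_id must be a JSON object")
    id_type = sub_id.get(TYPE_MEMBER)
    member = KNOWN_IDENTIFIER_TYPES.get(id_type)
    if member is None:
        return None
    value = sub_id.get(member)
    if not isinstance(value, str) or not value:
        raise SubjectError(f"sub_id of type {id_type!r} lacks member {member!r}")
    return id_type, value


def resolve_subject(claims: dict) -> Tuple[str, str, str]:
    """Pick exactly one claim to identify the subject.

    Never combines `sub` and `sub_id`: `sub_id` wins when its identifier type is
    understood, otherwise `sub` is the fallback. Returns (claim_used, type, value).
    """
    if "sub_id" in claims:
        parsed = parse_subject_identifier(claims["sub_id"])
        if parsed is not None:
            return ("sub_id", parsed[0], parsed[1])
    sub = claims.get("sub")
    if isinstance(sub, str) and sub:
        return ("sub", "sub", sub)
    raise SubjectError("token identifies no usable subject")


# Constructed sample token: header and payload are real base64url-encoded JSON;
# the signature segment is a placeholder because no key is involved here.
SAMPLE_CLAIMS = {
    "iss": "https://idp.example.com",
    "sub": "opaque-user-42",
    "sub_id": {TYPE_MEMBER: "email", "email": "user@example.com"},
}
SAMPLE_TOKEN = ".".join([
    _b64url_encode(json.dumps({"alg": "RS256", "typ": "secevent+jwt"}).encode()),
    _b64url_encode(json.dumps(SAMPLE_CLAIMS).encode()),
    "placeholder-signature",
])


if __name__ == "__main__":
    print(resolve_subject(jwt_claims(SAMPLE_TOKEN)))
    # Unknown identifier type (placeholder name): fall back to `sub` rather than fail.
    print(resolve_subject({"sub": "opaque-user-42",
                           "sub_id": {TYPE_MEMBER: "urn:example:unknown-type"}}))
```

The distinction the code draws is the one the normative text needs: an unrecognised identifier type makes `sub_id` "not understood" and fallback to `sub` is allowed, whereas a recognised type with a missing value is a malformed token and is rejected rather than silently replaced by `sub`, which would otherwise let a mismatched `sub` be relied on.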