Re: [Id-event] RFC 9493 on Subject Identifiers for Security Event Tokens

This does seem like an error and should be fixed.

On Tue, Dec 12, 2023 at 2:58 PM Atul Tulshibagwale <atul@sgnl.ai> wrote:

> Hi Yaron,
> I was referring to the use of the term "Security Event Identifier Formats
> Repository" in the rest of the document. The errata has been updated to
> reflect this now.
>
> https://www.rfc-editor.org/errata/eid7727
>
> Thanks,
> Atul
>
> On Tue, Dec 12, 2023 at 10:59 AM Yaron Sheffer <yaronf.ietf@gmail.com>
> wrote:
>
>> Hi Atul,
>>
>>
>>
>> Back to your original mail, “there are a few more changes that will flow
>> from there, if this is considered to be an error.” Could you say what
>> these changes are, so we can deal with this all in one go?
>>
>>
>>
>> Thanks,
>>
>>                 Yaron
>>
>>
>>
>> *From: *Atul Tulshibagwale <atul@sgnl.ai>
>> *Date: *Tuesday, 12 December 2023 at 0:32
>> *To: *Yaron Sheffer <yaronf.ietf@gmail.com>
>> *Cc: *Prachi Jain <prachi.jain1288@gmail.com>, <id-event@ietf.org>
>> *Subject: *Re: [Id-event] RFC 9493 on Subject Identifiers for Security
>> Event Tokens
>>
>>
>>
>> Hi Yaron,
>>
>> I believe it is an error, because what is described in the RFC is not
>> "Security Event Identifiers", they are "Subject Identifiers" within
>> Security Event Tokens.
>>
>>
>>
>> I agree that the content of the registry matters more, but I am writing a
>> draft that relies on this RFC and this registry in particular. It uses the
>> same Subject Identifier formats, but not within SETs, and the API I'm
>> defining in my draft has nothing to do with Security Events. Therefore it
>> becomes confusing to the readers of my draft to be referencing an IANA
>> registry named "Security Event Identifier Format Registry".
>>
>>
>>
>> I've filed an errata now: https://www.rfc-editor.org/errata/eid7727. I'm
>> happy to discuss with the WG.
>>
>>
>>
>> Thanks,
>>
>> Atul
>>
>>
>>
>>
>>
>> On Mon, Dec 11, 2023 at 1:51 PM Yaron Sheffer <yaronf.ietf@gmail.com>
>> wrote:
>>
>> Hi Atul,
>>
>>
>>
>> I am personally on the fence here because the original context is
>> identifiers used in security events. See the RFC’s Introduction, where we
>> start with security events and then slowly broaden the scope. However, if
>> you think this is in error and should be fixed, feel free to file an errata
>> [1] and we will discuss it.
>>
>>
>>
>> Ultimately what counts is the IANA registry [2] and whether it is
>> comprehensible and useful.
>>
>>
>>
>> Thanks,
>>
>>                 Yaron
>>
>>
>>
>> [1] https://www.rfc-editor.org/errata.php#reportnew
>>
>> [2] https://www.iana.org/assignments/secevent/secevent.xhtml
>>
>>
>>
>> *From: *Atul Tulshibagwale <atul@sgnl.ai>
>> *Date: *Monday, 11 December 2023 at 21:54
>> *To: *Prachi Jain <prachi.jain1288@gmail.com>
>> *Cc: *Yaron Sheffer <yaronf.ietf@gmail.com>, <id-event@ietf.org>
>> *Subject: *Re: [Id-event] RFC 9493 on Subject Identifiers for Security
>> Event Tokens
>>
>>
>>
>> Thanks Yaron,
>>
>>
>>
>> I think I discovered an issue with the spec, just as I was trying to
>> refer to it:
>>
>>
>>
>> Section 8.1 is named "Security Event Identifier Formats Registry". Should
>> it be named "Subject Identifier Formats Registry"? There are a few more
>> changes that will flow from there, if this is considered to be an error.
>>
>>
>>
>> Atul
>>
>>
>>
>>
>>
>> On Thu, Dec 7, 2023 at 3:51 AM Prachi Jain <prachi.jain1288@gmail.com>
>> wrote:
>>
>> Thanks Yaron. Truly appreciate the guidance and support in getting this
>> past the finish line.
>>
>>
>>
>> On Thu, Dec 7, 2023 at 5:04 AM Yaron Sheffer <yaronf.ietf@gmail.com>
>> wrote:
>>
>> Congratulations on this last deliverable of the Security Events working
>> group. Thanks to Annabelle and Prachi who drove this document to completion!
>>
>>         Yaron
>>
>> On 07/12/2023, 3:06, "id-event-bounces@ietf.org <mailto:
>> id-event-bounces@ietf.org> on behalf of rfc-editor@rfc-editor.org
>> <mailto:rfc-editor@rfc-editor.org>" <id-event-bounces@ietf.org <mailto:
>> id-event-bounces@ietf.org> on behalf of rfc-editor@rfc-editor.org
>> <mailto:rfc-editor@rfc-editor.org>> wrote:
>>
>>
>> A new Request for Comments is now available in online RFC libraries.
>>
>>
>>
>>
>> RFC 9493
>>
>>
>> Title: Subject Identifiers for Security Event Tokens
>> Author: A. Backman, Ed.,
>> M. Scurtescu,
>> P. Jain
>> Status: Standards Track
>> Stream: IETF
>> Date: December 2023
>> Mailbox: richanna@amazon.com <mailto:richanna@amazon.com>,
>> marius.scurtescu@coinbase.com <mailto:marius.scurtescu@coinbase.com>,
>> prachi.jain1288@gmail.com <mailto:prachi.jain1288@gmail.com>
>> Pages: 18
>> Updates/Obsoletes/SeeAlso: None
>>
>>
>> I-D Tag: draft-ietf-secevent-subject-identifiers-18.txt
>>
>>
>> URL: https://www.rfc-editor.org/info/rfc9493 <
>> https://www.rfc-editor.org/info/rfc9493>
>>
>>
>> DOI: 10.17487/RFC9493
>>
>>
>> Security events communicated within Security Event Tokens may support
>> a variety of identifiers to identify subjects related to the event.
>> This specification formalizes the notion of Subject Identifiers as
>> structured information that describes a subject and named formats
>> that define the syntax and semantics for encoding Subject Identifiers
>> as JSON objects. It also establishes a registry for defining and
>> allocating names for such formats as well as the JSON Web Token (JWT)
>> "sub_id" Claim.
>>
>>
>> This document is a product of the Security Events Working Group of the
>> IETF.
>>
>>
>> This is now a Proposed Standard.
>>
>>
>> STANDARDS TRACK: This document specifies an Internet Standards Track
>> protocol for the Internet community, and requests discussion and
>> suggestions
>> for improvements. Please refer to the current edition of the Official
>> Internet Protocol Standards (https://www.rfc-editor.org/standards <
>> https://www.rfc-editor.org/standards>) for the
>> standardization state and status of this protocol. Distribution of this
>> memo is unlimited.
>>
>>
>> This announcement is sent to the IETF-Announce and rfc-dist lists.
>> To subscribe or unsubscribe, see
>> https://www.ietf.org/mailman/listinfo/ietf-announce <
>> https://www.ietf.org/mailman/listinfo/ietf-announce>
>> https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist <
>> https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist>
>>
>>
>> For searching the RFC series, see https://www.rfc-editor.org/search <
>> https://www.rfc-editor.org/search>
>> For downloading RFCs, see https://www.rfc-editor.org/retrieve/bulk <
>> https://www.rfc-editor.org/retrieve/bulk>
>>
>>
>> Requests for special distribution should be addressed to either the
>> author of the RFC in question, or to rfc-editor@rfc-editor.org <mailto:
>> rfc-editor@rfc-editor.org>. Unless
>> specifically noted otherwise on the RFC itself, all RFCs are for
>> unlimited distribution.
>>
>>
>>
>>
>> The RFC Editor Team
>> Association Management Solutions, LLC
>>
>>
>> _______________________________________________
>> Id-event mailing list
>> Id-event@ietf.org <mailto:Id-event@ietf.org>
>> https://www.ietf.org/mailman/listinfo/id-event <
>> https://www.ietf.org/mailman/listinfo/id-event>
>>
>>
>>
>>
>> _______________________________________________
>> Id-event mailing list
>> Id-event@ietf.org
>> https://www.ietf.org/mailman/listinfo/id-event
>>
>> _______________________________________________
>> Id-event mailing list
>> Id-event@ietf.org
>> https://www.ietf.org/mailman/listinfo/id-event
>>
>>