Re: [Id-event] New Version Notification for draft-ietf-secevent-subject-identifiers-06.txt

Yaron Sheffer <yaronf.ietf@gmail.com> Wed, 23 September 2020 07:07 UTC

Date: Wed, 23 Sep 2020 10:07:25 +0300
From: Yaron Sheffer <yaronf.ietf@gmail.com>
To: "Richard Backman, Annabelle" <richanna=40amazon.com@dmarc.ietf.org>, "id-event@ietf.org" <id-event@ietf.org>
CC: Marius Scurtescu <marius.scurtescu@coinbase.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/id-event/n9EmZir2JIAh86EFcFknvWjfi4g>

I don’t know if it’s a “grave error”, but “identifier_type” would be a much better choice.


Thanks,

                Yaron


From: Id-event <id-event-bounces@ietf.org> on behalf of "Richard Backman, Annabelle" <richanna=40amazon.com@dmarc.ietf.org>
Date: Wednesday, September 23, 2020 at 03:37
To: "id-event@ietf.org" <id-event@ietf.org>
Cc: Marius Scurtescu <marius.scurtescu@coinbase.com>
Subject: Re: [Id-event] New Version Notification for draft-ietf-secevent-subject-identifiers-06.txt


Hello Security Events working group, 


A couple weeks ago I published this update to the Subject Identifiers draft based on feedback from the recent email discussions. Unfortunately I failed to notice that a notification of the update did not go out to the working group mailing list – sorry about that!


In addition to various editorial fixes, I made a few more substantial edits based on working group feedback:

- Expanded the introduction section with several examples of subject identifiers in use, and a section describing the difference between a subject identifier type – the type of identifier used to identify a subject, e.g., email address, phone number, SHA-256 thumbprint – and a subject type – the type of thing your subject principal is, e.g., user, group, server.
  - In making these changes, I realized I made a grave error in naming the type member “subject_type”. I did not change its name in this draft, as I wanted to discuss this on list before doing so.
- Removed the word “claim” except when used in reference to a JWT claim.
  - Noticed while writing this that I missed a couple uses in the abstract. Oops.
- Introduced some normative requirements around the use of both `sub` and `sub_id` in the same JWT: “implementations MUST NOT rely on both claims to determine the subject,” though falling back to one if the other isn’t understood (e.g., sub_id has an unknown subject identifier type) is allowed.
- Added security considerations. Interested in feedback on this. The security considerations really depend on the context in which subject identifiers are used, so I’m trying to strike a balance between referencing likely relevant considerations and providing useful information without copying in a bunch of content that may or may not apply.
–
Annabelle Backman (she/her)
AWS Identity
https://aws.amazon.com/identity/



On Sep 4, 2020, at 6:34 PM, internet-drafts@ietf.org wrote:


A new version of I-D, draft-ietf-secevent-subject-identifiers-06.txt
has been successfully submitted by Annabelle Backman and posted to the
IETF repository.

Name:           draft-ietf-secevent-subject-identifiers
Revision:       06
Title:          Subject Identifiers for Security Event Tokens
Document date:  2020-09-04
Group:          Individual Submission
Pages:          19
URL:            https://www.ietf.org/id/draft-ietf-secevent-subject-identifiers-06.txt
Status:         https://datatracker.ietf.org/doc/draft-ietf-secevent-subject-identifiers/
Htmlized:       https://datatracker.ietf.org/doc/html/draft-ietf-secevent-subject-identifiers
Htmlized:       https://tools.ietf.org/html/draft-ietf-secevent-subject-identifiers-06
Diff:           https://www.ietf.org/rfcdiff?url2=draft-ietf-secevent-subject-identifiers-06

Abstract:
  Security events communicated within Security Event Tokens may support
  a variety of identifiers to identify the subject and/or other
  principals related to the event.  This specification formalizes the
  notion of subject identifiers as named sets of well-defined claims
  describing the subject, a mechanism for representing subject
  identifiers within a JSON object such as a JSON Web Token (JWT) or
  Security Event Token (SET), and a registry for defining and
  allocating names for these claim sets.


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat
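One way to implement the `sub` / `sub_id` rule quoted in Annabelle's message above: use exactly one claim to identify the subject, preferring `sub_id` when its identifier type is understood and falling back to `sub` only when it is not. This is an added example, not code from the draft or from either author; the set of recognized identifier types, the `subject_type` member name (the one the thread proposes renaming), the sample payloads and the treatment of a malformed known-type `sub_id` as an error are all assumptions.

```python
from dataclasses import dataclass

# Identifier types this hypothetical relying party understands, mapped to the
# member carrying the value. Constructed for this example, not the draft's registry.
KNOWN_TYPES = {"email": "email", "phone_number": "phone_number"}
# The member name used in -06; the thread proposes "identifier_type" instead. Assumed here.
TYPE_MEMBER = "subject_type"

@dataclass(frozen=True)
class Subject:
    source: str  # which claim decided it: "sub_id" or "sub"
    kind: str    # identifier type, or "sub" for the plain string claim
    value: str

class SubjectError(ValueError):
    pass

def parse_sub_id(sub_id):
    """Return (type, value) for an understood sub_id, None if its type is unknown."""
    if not isinstance(sub_id, dict):
        raise SubjectError("sub_id must be a JSON object")
    kind = sub_id.get(TYPE_MEMBER)
    if not isinstance(kind, str) or kind not in KNOWN_TYPES:
        return None  # not understood: the caller may fall back to `sub`
    value = sub_id.get(KNOWN_TYPES[kind])
    if not isinstance(value, str) or not value:
        # Understood type but malformed: a broken claim, not an unknown one (assumption)
        raise SubjectError(f"sub_id of type {kind!r} lacks member {KNOWN_TYPES[kind]!r}")
    return kind, value

def resolve_subject(claims):
    """Identify the subject from exactly one of sub_id / sub, never from both."""
    if "sub_id" in claims:
        parsed = parse_sub_id(claims["sub_id"])
        if parsed is not None:
            # No cross-check against `sub`: the rule forbids relying on both claims.
            return Subject("sub_id", *parsed)
    sub = claims.get("sub")
    if isinstance(sub, str) and sub:
        return Subject("sub", "sub", sub)
    raise SubjectError("no usable subject claim in token")

# Constructed sample claim sets (decoded payloads whose signature was already verified)
BOTH_CLAIMS = {"iss": "https://idp.example", "sub": "u-123",
               "sub_id": {"subject_type": "email", "email": "alice@example.com"}}
UNKNOWN_TYPE = {"sub": "u-123",
                "sub_id": {"subject_type": "thumbprint-sha256", "thumbprint": "constructed"}}
```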
