Re: [Id-event] I-D Action: draft-ietf-secevent-delivery-00.txt (and Verify Event)

Mike Jones <Michael.Jones@microsoft.com> Mon, 31 July 2017 19:05 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Yaron Sheffer <yaronf.ietf@gmail.com>, Phil Hunt <phil.hunt@oracle.com>, ID Events Mailing List <id-event@ietf.org>
CC: Marius Scurtescu <mscurtescu@google.com>
Thread-Topic: [Id-event] I-D Action: draft-ietf-secevent-delivery-00.txt (and Verify Event)
Thread-Index: AQHTChj7yJJsxaHupEakzcQqRzs3sKJuI7EAgAAkmOA=
Date: Mon, 31 Jul 2017 19:05:33 +0000
Message-ID: <CY4PR21MB05040488261E57DA81923E5AF5B20@CY4PR21MB0504.namprd21.prod.outlook.com>
References: <150130555312.20751.6664832712498006194@ietfa.amsl.com> <FE9A1FB8-0DC5-48F6-853F-6E1733DA5A5B@oracle.com> <f5782aca-d71e-0f98-b7a3-4f03ae289540@gmail.com>
In-Reply-To: <f5782aca-d71e-0f98-b7a3-4f03ae289540@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/id-event/q7DAjjmtE5IoovkKV28kaTVVjBE>

I am strongly opposed to defining a normative event in the SET spec, as it would be a layering violation.  The purpose of the SET spec is to define syntax and semantics that applies to *all* SETs.

The purpose of defining specific events is to meet the needs of a particular event profile for a particular class of applications.  Any normative event definition would have to meet all the Requirements for SET Profiles (as described at https://tools.ietf.org/html/draft-ietf-secevent-token-02#section-3), including defining the key management discipline for that event's profile.  (As Leif discussed in Prague, even for identity scenarios, there are numerous potential key management strategies, some depending upon Web PKI and some not.)  Adding all this to the SET spec would be a confusing distraction.  Among other things, it would raise the mostly unanswerable question "Why is this event more special than others?".

				-- Mike

-----Original Message-----
From: Id-event [mailto:id-event-bounces@ietf.org] On Behalf Of Yaron Sheffer
Sent: Monday, July 31, 2017 9:42 AM
To: Phil Hunt <phil.hunt@oracle.com>; ID Events Mailing List <id-event@ietf.org>
Cc: Marius Scurtescu <mscurtescu@google.com>
Subject: Re: [Id-event] I-D Action: draft-ietf-secevent-delivery-00.txt (and Verify Event)

Hi Phil,

From a procedural point of view (not taking any stand on whether this is a good change or not), the SET draft is absolutely open to changes.
At most, we might decide that there've been too many changes and will call for a second WGLC at some point. Not a big deal.

Thanks,
	Yaron

On 31/07/17 19:20, Phil Hunt wrote:
> As requested by Yaron, I have posted the delivery draft unchanged as 
> the WG draft.
> 
> Marius made a suggestion that as per discussion in Prague that the 
> Verify Event be removed from the Delivery draft and potentially placed 
> in an upcoming control plane draft (to be proposed).
> 
> After some thinking, I propose the Verify Event be placed into the SET 
> Token draft. It would actually be a good thing to have at least one 
> “normative” event defined in SET Token.
> 
> If the group is agreeable, I am happy to propose some modified Verify 
> Event definition text to move into the SET Token spec.  Note: SET 
> Token is or is about to be WGLC.  Chairs: Can we consider this?
> 
> I would suggest we only move Verify to Control Plane if there is a 
> specific reason (eg. distinct or separate use cases that may be 
> specific to some profiles) why it is better suited there.
> 
> If there is no objection, I will:
> * Remove the Verify Event from the Delivery Spec on its next regular 
> update
> * Update SET Token Spec with Verify Event, subject to guidance in 
> regards to WGLC.
> 
> Phil
> 
> Oracle Corporation, Identity Cloud Services Architect & Standards
> @independentid www.independentid.com
> phil.hunt@oracle.com
> 
>> On Jul 28, 2017, at 10:19 PM, internet-drafts@ietf.org wrote:
>>
>>
>> A New Internet-Draft is available from the on-line Internet-Drafts 
>> directories.
>> This draft is a work item of the Security Events WG of the IETF.
>>
>>        Title           : SET Token Delivery Using HTTP
>>        Authors         : Phil Hunt
>>                          Marius Scurtescu
>>                          Morteza Ansari
>>                          Anthony Nadalin
>>                          Annabelle Richard Backman
>> Filename        : draft-ietf-secevent-delivery-00.txt
>> Pages           : 28
>> Date            : 2017-07-28
>>
>> Abstract:
>>   This specification defines how a series of security event tokens
>>   (SETs) may be delivered to a previously registered receiver using
>>   HTTP POST over TLS initiated as a push to the receiver, or as a poll
>>   by the receiver.  The specification also defines how delivery can be
>>   assured subject to the SET Token Receiver's need for assurance.
>>
>>
>> The IETF datatracker status page for this draft is:
>> https://datatracker.ietf.org/doc/draft-ietf-secevent-delivery/
>>
>>
>> There are also htmlized versions available at:
>> https://tools.ietf.org/html/draft-ietf-secevent-delivery-00
>>
>> https://datatracker.ietf.org/doc/html/draft-ietf-secevent-delivery-00
>>
>>
>>
>> Please note that it may take a couple of minutes from the time of
>> submission until the htmlized version and diff are available at
>> tools.ietf.org.
>>
>> Internet-Drafts are also available by anonymous FTP at:
>> ftp://ftp.ietf.org/internet-drafts/
>>
>>
>> _______________________________________________
>> Id-event mailing list
>> Id-event@ietf.org
>> https://www.ietf.org/mailman/listinfo/id-event
>>
> 

_______________________________________________
Id-event mailing list
Id-event@ietf.org
https://www.ietf.org/mailman/listinfo/id-event