[secdir] [new-work] WG Review: Security Events (secevent)
The IESG <iesg@ietf.org> Fri, 14 October 2016 16:04 UTC
Return-Path: <new-work-bounces@ietf.org>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id D2B33129862; Fri, 14 Oct 2016 09:04:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1476461076; bh=4aCJiF21+mQkF9qx+y5L9LOx+gNHh0HOZq3L/cCYdV4=; h=From:To:Date:Subject:List-Id:List-Unsubscribe:List-Archive: List-Post:List-Help:List-Subscribe; b=s6nzSWQRTas6af7YkzLcGI5nDFQT3wzfq9szfkLKQsjPeKjNvdsPt5JofgD7tx2UB MpGFvoKJ5o1uL2622GNirGpTjT843deMo09edj64Sys6d29knTWSX3M5kdsCkZYIxC qs9fjKM1apePtt/gUbnFBF2kMPwuviGaCzxNAMS4=
X-Original-To: new-work@ietf.org
Delivered-To: new-work@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 72CD3129854 for <new-work@ietf.org>; Fri, 14 Oct 2016 09:04:28 -0700 (PDT)
MIME-Version: 1.0
From: The IESG <iesg@ietf.org>
To: new-work@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.34.2
Auto-Submitted: auto-generated
Precedence: bulk
Reply_to: <iesg@ietf.org>
Message-ID: <147646106846.18628.17227237498582044071.idtracker@ietfa.amsl.com>
Date: Fri, 14 Oct 2016 09:04:28 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/new-work/a7wryPct3MZpd40LtoIZKgKM-Ic>
X-BeenThere: new-work@ietf.org
X-Mailman-Version: 2.1.17
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: new-work-bounces@ietf.org
Sender: new-work <new-work-bounces@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/KgFEfSIa8OUZDN-pWCsNUPvZs_c>
X-Mailman-Approved-At: Fri, 14 Oct 2016 09:09:10 -0700
Subject: [secdir] [new-work] WG Review: Security Events (secevent)
X-BeenThere: secdir@ietf.org
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Oct 2016 16:04:37 -0000
A new IETF WG has been proposed in the Security Area. The IESG has not made any determination yet. The following draft charter was submitted, and is provided for informational purposes only. Please send your comments to the IESG mailing list (iesg@ietf.org) by 2016-10-24. Security Events (secevent) ----------------------------------------------------------------------- Current status: Proposed WG Chairs: TBD Assigned Area Director: Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com> Security Area Directors: Stephen Farrell <stephen.farrell@cs.tcd.ie> Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com> Mailing list: Address: id-event@ietf.org To subscribe: https://www.ietf.org/mailman/listinfo/id-event Archive: https://mailarchive.ietf.org/arch/browse/id-event/ Charter: https://datatracker.ietf.org/doc/charter-ietf-secevent/ Many identity related protocols require a mechanism to convey messages between systems in order to prevent or mitigate security risks, or to provide out-of-band information as necessary. For example, an OAuth authorization server, having received a token revocation request (RFC7009) may need to inform affected resource servers; a cloud provider may wish to inform another cloud provider of suspected fraudulent use of identity information; an identity provider may wish to signal a session logout to a relying party. It is expected that several identity and security working groups and organizations will use Identity Event Tokens to describe area-specific events such as: SCIM Provisioning Events, OpenID RISC Events, and OpenID Connect Backchannel Logout, among others. The Security Events working group will produce a standards-track Event Token specification that includes: - A JWT extension for expressing security events - A syntax that enables event-specific data to be conveyed This Event Token specification will be event transport independent. The working group will also develop a simple standards-track Event Delivery specification that includes: - A method for delivering events using HTTP POST (push) - Metadata for describing event feeds - Methods for subscribing to and managing event feeds - Methods for validating event feed subscriptions Milestones: Oct 2016 - Initial adoption of event token and event delivery drafts Feb 2017 - WG last call of event token draft Apr 2017 - Event token draft to IESG as a Proposed Standard Jul 2017 - WG last call of event delivery draft Sep 2017 - Event delivery draft to IESG as a Proposed Standard Nov 2017 - Recharter or Conclude _______________________________________________ new-work mailing list new-work@ietf.org https://www.ietf.org/mailman/listinfo/new-work