[Id-event] Security Event Token (SET) spec simplifying claims usage

Mike Jones <Michael.Jones@microsoft.com> Sat, 03 February 2018 01:40 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: SecEvent <id-event@ietf.org>
Thread-Topic: Security Event Token (SET) spec simplifying claims usage
Date: Sat, 03 Feb 2018 01:40:11 +0000
Message-ID: <SN6PR2101MB09435F3CF0E84743B3913ABCF5F80@SN6PR2101MB0943.namprd21.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/id-event/OfdYEeSVNEghRw7C5xvdHvfYn0c>
Subject: [Id-event] Security Event Token (SET) spec simplifying claims usage

The Security Event Token (SET) specification has been updated to simplify the definitions and usage of the "iat" (issued at) and "toe" (time of event) claims.  The full set of changes made was:

  *   Simplified the definitions of the "iat" and "toe" claims in ways suggested by Annabelle Backman.
  *   Added privacy considerations text suggested by Annabelle Backman.
  *   Updated the RISC event example, courtesy of Marius Scurtescu.
  *   Reordered the claim definitions to place the required claims first.
  *   Changed to using the RFC 8174 boilerplate instead of the RFC 2119 boilerplate.

Thanks to Annabelle Backman, Marius Scurtescu, Phil Hunt, and Dick Hardt for the discussions that led to these simplifications.

The specification is available at:

  *   https://tools.ietf.org/html/draft-ietf-secevent-token-05

An HTML-formatted version is also available at:

  *   http://self-issued.info/docs/draft-ietf-secevent-token-05.html

                                                                -- Mike

P.S.  This announcement was also posted at http://self-issued.info/?p=1773 and as @selfissued (https://twitter.com/selfissued).