The ADs forwarded this to us for your information. *Please* direct your general 
discussions to the id-ev...@ietf.org and only bring conversations of overlap 
with I2NSF to this list.


> -------- Forwarded Message --------
> Subject: [dispatch] Straw man text for proposed charter: Security Event
> Date: Sun, 18 Sep 2016 15:36:13 +0100
> From: Alexey Melnikov <aamelni...@fastmail.fm>
> To: DISPATCH <dispa...@ietf.org>
> Hi,
> I received a proposal to charter a new WG.  Proponents are discussing it
> on id-ev...@ietf.org mailing list. Note, that at the moment it is not
> clear whether this will land in ART or SEC Area, this is to be decided.
> Please comment on the strawman Charter, which is shown below:
>  Chairs:
>      TBD
>  Applications and Real-Time Area Directors:
>      TBD
>  Applications and Real-Time Area Advisor:
>      TBD
>  Mailing Lists:
>      General Discussion: id-ev...@ietf.org
>      To Subscribe:       https://www.ietf.org/mailman/listinfo/id-event
>      Archive:
> https://mailarchive.ietf.org/arch/browse/id-event/
> Description of Working Group:
> Many identity related protocols require a mechanism to convey
> messages between systems in order to prevent or mitigate security
> risks, or to provide out-of-band information as necessary. For
> example, an OAuth authorization server, having received a token
> revocation request (RFC7009) may need to inform affected resource
> servers; a cloud provider may wish to inform another cloud provider
> of suspected fraudulent use of identity information; an identity
> provider may wish to signal a session logout to a relying party.
> It is expected that several identity and security working groups and
> organizations will use Identity Event Tokens to describe area-specific
> events such as: SCIM Provisioning Events, OpenID RISC Events, and
> OpenID Connect Backchannel Logout, among others.
> The Security Event working group will produce a standards-track Event
> Token specification that includes:
>  - A JWT extension for expressing security events
>  - A syntax that enables event-specific data to be conveyed
> This Event Token specification will be event transport independent.
> The working group will also develop a simple standards-track Event
> Delivery specification that includes:
>  - A method for delivering events using HTTP POST (push)
>  - Metadata for describing event feeds
>  - Methods for subscribing to and managing event feeds
>  - Methods for validating event feed subscriptions
> Goals and Milestones:
> October 2016 - Initial adoption of event token and event delivery drafts
> February 2017 - WG last call of event token draft
> April 2017 - Event token draft to IESG as a proposed standard
> July 2017 - WG last call of event delivery draft
> September 2017 - Event delivery draft to IESG as a proposed standard
> November 2017 - Work completed; discuss rechartering if needed

I2nsf mailing list

Reply via email to