Hi, The ADs forwarded this to us for your information. *Please* direct your general discussions to the id-ev...@ietf.org and only bring conversations of overlap with I2NSF to this list.
Cheers, Adrian > -------- Forwarded Message -------- > Subject: [dispatch] Straw man text for proposed charter: Security Event > Date: Sun, 18 Sep 2016 15:36:13 +0100 > From: Alexey Melnikov <aamelni...@fastmail.fm> > To: DISPATCH <dispa...@ietf.org> > > Hi, > I received a proposal to charter a new WG. Proponents are discussing it > on id-ev...@ietf.org mailing list. Note, that at the moment it is not > clear whether this will land in ART or SEC Area, this is to be decided. > Please comment on the strawman Charter, which is shown below: > > Chairs: > TBD > > Applications and Real-Time Area Directors: > TBD > > Applications and Real-Time Area Advisor: > TBD > > Mailing Lists: > General Discussion: id-ev...@ietf.org > To Subscribe: https://www.ietf.org/mailman/listinfo/id-event > Archive: > https://mailarchive.ietf.org/arch/browse/id-event/ > > Description of Working Group: > > Many identity related protocols require a mechanism to convey > messages between systems in order to prevent or mitigate security > risks, or to provide out-of-band information as necessary. For > example, an OAuth authorization server, having received a token > revocation request (RFC7009) may need to inform affected resource > servers; a cloud provider may wish to inform another cloud provider > of suspected fraudulent use of identity information; an identity > provider may wish to signal a session logout to a relying party. > > It is expected that several identity and security working groups and > organizations will use Identity Event Tokens to describe area-specific > events such as: SCIM Provisioning Events, OpenID RISC Events, and > OpenID Connect Backchannel Logout, among others. > > The Security Event working group will produce a standards-track Event > Token specification that includes: > - A JWT extension for expressing security events > - A syntax that enables event-specific data to be conveyed > This Event Token specification will be event transport independent. > > The working group will also develop a simple standards-track Event > Delivery specification that includes: > - A method for delivering events using HTTP POST (push) > - Metadata for describing event feeds > - Methods for subscribing to and managing event feeds > - Methods for validating event feed subscriptions > > Goals and Milestones: > October 2016 - Initial adoption of event token and event delivery drafts > February 2017 - WG last call of event token draft > April 2017 - Event token draft to IESG as a proposed standard > July 2017 - WG last call of event delivery draft > September 2017 - Event delivery draft to IESG as a proposed standard > November 2017 - Work completed; discuss rechartering if needed _______________________________________________ I2nsf mailing list I2nsf@ietf.org https://www.ietf.org/mailman/listinfo/i2nsf
