Presentation is loading. Please wait.

Presentation is loading. Please wait.

Identity Events IIW April 2016.

Published byAlan Malone Modified over 6 years ago

Similar presentations

Presentation on theme: "Identity Events IIW April 2016."— Presentation transcript:

1 Identity Events IIW April 2016

2 Background IETF94 – Tokyo
Informal get together to discuss common standard for OIDC Logout OAuth Revocation OIDF RISC Events SCIM Provisioning Events OIDF HEART Could we use JWT/JOSE to express and transport events?

3 What's Happening There is an IETF Mailing list called id-event
See: Morteza, William, and Phil presented a new proposal at IETF95 in Buenos Aires (last month) 3 individual draft documents submitted We received informal meeting consensus to form a working group Next step is to agree on a charter (to be posted to id-event list)

4 Events A proposal to define a common format for expressing events between publishers and subscribers Events describe something that has occurred E.g. Session Logout Token Revocation Account Take-over Provisioning Events (SCIM)

5 Event Features Minimal data exchange Subscriber independent action
Privacy by design Subscriber independent action subscriber decides action if any no state error signalling reverts to normal REST for secondary calls State remain independent and distinct Security and accuracy is improved

6 Current Drafts

7 ID Event Drafts draft-hunt-idevent-token
Identity Event Tokens based on JWT draft-hunt-idevent-distribution Message format (how to convey one or more) Subscription Metadata E.g. watermarking, detecting and reconciling Delivery Method Registry HTTP POST (Web Callback) HTTP GET (Polling) draft-hunt-idevent-scim Id Event token profile for SCIM

8 The Identity Event Is just a JWT token JWT attributes Event attributes
An EWT or Eee-aughT? JWT attributes jti, iat, nbf, sub, iss, aud iss is publisher, aud is the subscription Event attributes eventUris – the URIs of events contained in the message Each URI may have a JSON object that has event specific information

9 Example RISC Event The event type RISC Event Data {
"jti": "4d3559ec67504aaba65d40b0363faad8", "eventUris":[ "urn:ietf:params:event:RISC: _reassigned" ], "iat": , "iss": " "aud":[ " "sub": " ", "urn:ietf:params:event:RISC: _reassigned":{ " _hash":"39d4c90372a940205hdac835", }} The event type RISC Event Data

10 Example SCIM Create Event
{ "jti": "4d3559ec67504aaba65d40b0363faad8", "eventUris":[ "urn:ietf:params:event:SCIM:create" ], "iat": , "iss": " "aud":[ " " "sub": " "urn:ietf:params:event:SCIM:create":{ "attributes":["id","name","userName"," s"], "values":{ " s":[ "userName":"jdoe", "id":"44f6142df96bd6ab61e7521d9", "name":{ "givenName":"John", "familyName":"Doe" } }}} The event type SCIM Event Data

11 Example Extended Event
{ "jti": "3d0c3cf797584bd193bd0fb1bd4e7d30", "eventUris":[ "urn:ietf:params:event:SCIM:password", "urn:ietf:params:event:extension:example.com:password" ], "iat": , "iss": " "aud":[ " " "sub": " "urn:ietf:params:event:SCIM:password":{ "id":"44f6142df96bd6ab61e7521d9", }, "urn:ietf:params:event:extension:example.com:password":{ "resetAttempts":5 } SCIM Password Reset Event An extension

12 Event Delivery Message
{ "eventTkns":[ "eyJhbGciOiJub25lIn0 . eyJwdWJsaXNoZXJVcmkiOiJodHRwczovL3NjaW0uZXhhbXBsZS5jb20iLCJmZWV kVXJpcyI6WyJodHRwczovL2podWIuZXhhbXBsZS5jb20vRmVlZHMvOThkNTI0Nj FmYTViYmM4Nzk1OTNiNzc1NCIsImh0dHBzOi8vamh1Yi5leGFtcGxlLmNvbS9GZ WVkcy81ZDc2MDQ1MTZiMWQwODY0MWQ3Njc2ZWU3Il0sInJlc291cmNlVXJpcyI6 WyJodHRwczovL3NjaW0uZXhhbXBsZS5jb20vVXNlcnMvNDRmNjE0MmRmOTZiZDZ hYjYxZTc1MjFkOSJdLCJldmVudFR5cGVzIjpbIkNSRUFURSJdLCJhdHRyaWJ1dG VzIjpbImlkIiwibmFtZSIsInVzZXJOYW1lIiwicGFzc3dvcmQiLCJlbWFpbHMiX SwidmFsdWVzIjp7ImVtYWlscyI6W3sidHlwZSI6IndvcmsiLCJ2YWx1ZSI6Impk b2VAZXhhbXBsZS5jb20ifV0sInBhc3N3b3JkIjoibm90NHUybm8iLCJ1c2VyTmF tZSI6Impkb2UiLCJpZCI6IjQ0ZjYxNDJkZjk2YmQ2YWI2MWU3NTIxZDkiLCJuYW 1lIjp7ImdpdmVuTmFtZSI6IkpvaG4iLCJmYW1pbHlOYW1lIjoiRG9lIn19fQ ."], "eventCnt":1, "eventPend":false }

13 Discussion Items Distribution Schemes?
One-to-one, One-to-many, Many-to-Many*, P-2-P* Ability to lookup events by date or by etag Issue: Impact on scale and ability to story history vs. audit Ability to detect missing events E.g. each message gives the JTI of the last event delivered – issue: requires state Issued at Time the event happened or JWT issued? Need to distinguish? Privacy Considerations Even the resource identifier may be considered PII Is this a privacy by design, privacy enhancing approach?

Download ppt "Identity Events IIW April 2016."

Similar presentations

SIP and Instant Messaging. www.dynamicsoft.com SIP Summit 2001 5.01.01 SIP and Instant Messaging What Does Presence Have to Do With SIP? How to Deliver.

SIP and Instant Messaging. SIP Summit SIP and Instant Messaging What Does Presence Have to Do With SIP? How to Deliver.
www.dynamicsoft.com VON Europe 2000 -- 06/19/00 SIP and the Future of VON Protocols SIP and the Future of VON Protocols: Presence and IM Jonathan Rosenberg.

VON Europe /19/00 SIP and the Future of VON Protocols SIP and the Future of VON Protocols: Presence and IM Jonathan Rosenberg.
www.dynamicsoft.com Fall VoN 2000 SIP for IP Communications Jonathan Rosenberg Chief Scientist.

Fall VoN 2000 SIP for IP Communications Jonathan Rosenberg Chief Scientist.
Internet Printing Protocol Extensions BOF IETF46 in Washington, DC November 9, 1999.

Internet Printing Protocol Extensions BOF IETF46 in Washington, DC November 9, 1999.
Notification Explosion Calendaring –You have a new meeting request –Your meeting begins in 15 minutes SIP –Hello HTTP/WebDAV –A resource you want to edit.

Notification Explosion Calendaring –You have a new meeting request –Your meeting begins in 15 minutes SIP –Hello HTTP/WebDAV –A resource you want to edit.
SIP issues with S/MIME and CMS Rohan Mahy SIP, SIPPING co-chair.

SIP issues with S/MIME and CMS Rohan Mahy SIP, SIPPING co-chair.
IETF OAuth Proof-of-Possession

IETF OAuth Proof-of-Possession
FIspace Security Components FIspace Security Components NetFutures 2015 FIspace project Javier Romero Negrín Javier Hitado Simarro ATOS Serdar Arslan KoçSistem.

FIspace Security Components FIspace Security Components NetFutures 2015 FIspace project Javier Romero Negrín Javier Hitado Simarro ATOS Serdar Arslan KoçSistem.
1 IETF OAuth Proof-of-Possession Hannes Tschofenig.

1 IETF OAuth Proof-of-Possession Hannes Tschofenig.
Hannes Tschofenig, Blaine Cook (IETF#79, Beijing).

Hannes Tschofenig, Blaine Cook (IETF#79, Beijing).
3GPP Presence Requirements Requirements for Presence Service based on 3GPP specifications and wireless environment characteristics draft-kiss-simple-presence-wireless-

3GPP Presence Requirements Requirements for Presence Service based on 3GPP specifications and wireless environment characteristics draft-kiss-simple-presence-wireless-
OpenID Connect Update and Discussion Mountain View Summit – September 12, 2011 Mike Jones – Microsoft John Bradley – Independent Nat Sakimura – Nomura.

OpenID Connect Update and Discussion Mountain View Summit – September 12, 2011 Mike Jones – Microsoft John Bradley – Independent Nat Sakimura – Nomura.
Email Basics Dayton Metro Library Place photo here August 10, 2015.

Basics Dayton Metro Library Place photo here August 10, 2015.
Notification Protocol in MMS June 2001 Erez Reinschmidt, Rami Neudorfer 3GPP TSG-T2 SWG3#7 Braunschweig, Germany 27-29 June, 2001 T2M010070.

Notification Protocol in MMS June 2001 Erez Reinschmidt, Rami Neudorfer 3GPP TSG-T2 SWG3#7 Braunschweig, Germany June, 2001 T2M
18 th TF-EMC2. WebEx, June 2011 Diego R. Lopez, RedIRIS On the Many Ways to Identity Exchange (Again) Digital identities are more valuable as they are.

18 th TF-EMC2. WebEx, June 2011 Diego R. Lopez, RedIRIS On the Many Ways to Identity Exchange (Again) Digital identities are more valuable as they are.
XMPP – Extensible Messaging and Presence Protocol Vidya Satyanarayanan.

XMPP – Extensible Messaging and Presence Protocol Vidya Satyanarayanan.
SCIM Use Cases Phil Hunt, Bhumip Khasnabish, Anthony.

SCIM Use Cases Phil Hunt, Bhumip Khasnabish, Anthony.
(Business) Process Centric Exchanges

(Business) Process Centric Exchanges
Intended Recipient and Folder Subscription (DSUB extension) 9th January, 2013 Mauro Zanardini (consorzio Arsenàl.IT)

Intended Recipient and Folder Subscription (DSUB extension) 9th January, 2013 Mauro Zanardini (consorzio Arsenàl.IT)
Open Pluggable Edge Services (opes) 61st IETF Meeting Washington, D.C., USA.

Open Pluggable Edge Services (opes) 61st IETF Meeting Washington, D.C., USA.

Similar presentations

Ads by Google