WGs marked with an
Secevent Status PagesSecurity Events (Active WG) |
Sec Area: Roman Danyliw, Benjamin Kaduk | 2016-Oct-28 —
Chairs:   |
Current official charter page
2020-01-10 charter
Security Events (secevent)
--------------------------
Charter
Current Status: Active
Chairs:
Dick Hardt <dick.hardt@gmail.com>
Yaron Sheffer <yaronf.ietf@gmail.com>
Security Area Directors:
Roman Danyliw <rdd@cert.org>
Benjamin Kaduk <kaduk@mit.edu>
Security Area Advisor:
Benjamin Kaduk <kaduk@mit.edu>
Mailing Lists:
General Discussion: id-event@ietf.org
To Subscribe: https://www.ietf.org/mailman/listinfo/id-event
Archive: https://mailarchive.ietf.org/arch/browse/id-event/
Description of Working Group:
Many HTTP web services and APIs depend on a web security infrastructure that:
* identifies security subjects and regulates their access to services
* and provides profile and rights information to applications.
Examples are systems that leverage user-agent session cookies
(RFC6265), and OAuth2 (RFC6749). In order to prevent or mitigate
security risks, or to provide out-of-band information as
necessary, these systems need to share security event messages.
For example, an OAuth authorization server, having received a
token revocation request (RFC7009) may need to inform affected
resource servers; a cloud provider may wish to inform another
cloud provider of suspected fraudulent use of identity
information; an identity provider may wish to signal a session
logout to a relying party and does not wish to rely solely upon
clearing a session cookie.
It is expected that several identity and security working groups and
organizations will use Identity Event Tokens to describe area-specific
events such as: SCIM Provisioning Events, OpenID RISC Events, and
OpenID Connect Backchannel Logout, among others.
The Security Events working group will produce a standards-track Event
Token specification that includes:
- A JWT extension for expressing security events
- A syntax that enables event-specific data to be conveyed
This Event Token specification will be event transport independent.
The working group will also develop a simple standards-track Event
Delivery specification that includes:
- A mechanism for delivering events using HTTP POST (push)
- Metadata for describing event feeds
- Methods for subscribing to and managing event feeds
- Methods for validating event feed subscriptions
Goals and Milestones:
Nov 2017 - WG last call of event delivery draft
Jan 2018 - Event delivery draft to IESG as a Proposed Standard
Mar 2018 - Recharter or Conclude
Done - Initial adoption of event token and event delivery drafts
Done - WG last call of event token draft
Done - Event token draft to IESG as a Proposed Standard
All charter page changes, including changes to draft-list, rfc-list and milestones: