Secevent Status Pages

Security Events (Active WG)
Sec Area: Eric Rescorla, Benjamin Kaduk | 2016-Oct-28 —  

2018-03-21 charter

Security Events (secevent)
--------------------------

 Charter

 Current Status: Active

 Chairs:
     Dick Hardt <dick.hardt@gmail.com>
     Yaron Sheffer <yaronf.ietf@gmail.com>

 Security Area Directors:
     Benjamin Kaduk <kaduk@mit.edu>
     Eric Rescorla <ekr@rtfm.com>

 Security Area Advisor:
     Benjamin Kaduk <kaduk@mit.edu>

 Mailing Lists:
     General Discussion: id-event@ietf.org
     To Subscribe:       https://www.ietf.org/mailman/listinfo/id-event
     Archive:            https://mailarchive.ietf.org/arch/browse/id-event/

Description of Working Group:

  Many HTTP web services and APIs depend on a web security infrastructure that:
    * identifies security subjects and regulates their access to services
    * and provides profile and rights information to applications.

  Examples are systems that leverage user-agent session cookies
  (RFC6265), and OAuth2 (RFC6749). In order to prevent or mitigate
  security risks, or to provide out-of-band information as
  necessary, these systems need to share security event messages.
  For example, an OAuth authorization server, having received a
  token revocation request (RFC7009) may need to inform affected
  resource servers; a cloud provider may wish to inform another
  cloud provider of suspected fraudulent use of identity
  information; an identity provider may wish to signal a session
  logout to a relying party and does not wish to rely solely upon
  clearing a session cookie.

  It is expected that several identity and security working groups and
  organizations will use Identity Event Tokens to describe area-specific
  events such as: SCIM Provisioning Events, OpenID RISC Events, and
  OpenID Connect Backchannel Logout, among others.

  The Security Events working group will produce a standards-track Event
  Token specification that includes:
   - A JWT extension for expressing security events
   - A syntax that enables event-specific data to be conveyed
  This Event Token specification will be event transport independent.

  The working group will also develop a simple standards-track Event
  Delivery specification that includes:
   - A mechanism for delivering events using HTTP POST (push)
   - Metadata for describing event feeds
   - Methods for subscribing to and managing event feeds
   - Methods for validating event feed subscriptions


Goals and Milestones:
  Feb 2017 - Initial adoption of event token and event delivery drafts
  Jun 2017 - WG last call of event token draft
  Aug 2017 - Event token draft to IESG as a Proposed Standard
  Nov 2017 - WG last call of event delivery draft
  Jan 2018 - Event delivery draft to IESG as a Proposed Standard
  Mar 2018 - Recharter or Conclude



Generated from PyHt script /wg/secevent/charters.pyht Latest update: 24 Oct 2012 16:51 GMT