Security Events

The information below is for an old version of the document
Document: Proposed charter, Security Events WG (secevent), Snapshot
Title: Security Events
Last updated: 2016-10-14
State: External Review (Message to Community, Selected by Secretariat) Rechartering
WG State: Active
IESG Responsible AD: Benjamin Kaduk
Charter Edit AD: Kathleen Moriarty
Send notices to: (None)


Many identity-related protocols require a mechanism to convey messages
between systems in order to prevent or mitigate security risks, or to
provide out-of-band information as necessary. For example, an OAuth
authorization server, having received a token revocation request
(RFC 7009), may need to inform affected resource servers; a cloud provider
may wish to inform another cloud provider of suspected fraudulent use of
identity information; an identity provider may wish to signal a session
logout to a relying party.

It is expected that several identity and security working groups and
organizations will use Identity Event Tokens to describe area-specific
events such as: SCIM Provisioning Events, OpenID RISC Events, and
OpenID Connect Backchannel Logout, among others.

The Security Events working group will produce a standards-track Event
Token specification that includes:
 - A JWT extension for expressing security events
 - A syntax that enables event-specific data to be conveyed

This Event Token specification will be independent of the event transport.

The working group will also develop a simple standards-track Event 
Delivery specification that includes:
 - A method for delivering events using HTTP POST (push)
 - Metadata for describing event feeds
 - Methods for subscribing to and managing event feeds
 - Methods for validating event feed subscriptions