Security Events

The information below is for an old version of the document
Document: Proposed charter, Security Events WG (secevent), Snapshot
Title: Security Events
Last updated: 2016-10-14
State: External review, Rechartering
WG State: Active
IESG Responsible AD: Benjamin Kaduk
Charter Edit AD: Kathleen Moriarty
Send notices to: (None)


Many identity-related protocols require a mechanism to convey messages
between systems in order to prevent or mitigate security risks, or to
provide out-of-band information as necessary. For example, an OAuth
authorization server, having received a token revocation request
(RFC 7009), may need to inform affected resource servers; a cloud provider
may wish to inform another cloud provider of suspected fraudulent use of
identity information; an identity provider may wish to signal a session
logout to a relying party.

It is expected that several identity and security working groups and
organizations will use Identity Event Tokens to describe area-specific
events such as: SCIM Provisioning Events, OpenID RISC Events, and
OpenID Connect Backchannel Logout, among others.

The Security Events working group will produce a standards-track Event 
Token specification that includes:
 - A JWT extension for expressing security events
 - A syntax that enables event-specific data to be conveyed

This Event Token specification will be event-transport independent.

The working group will also develop a simple standards-track Event 
Delivery specification that includes:
 - A method for delivering events using HTTP POST (push)
 - Metadata for describing event feeds
 - Methods for subscribing to and managing event feeds
 - Methods for validating event feed subscriptions