
Security Events

Document: Charter, Security Events WG (secevent)
Title: Security Events
Last updated: 2022-03-23
State: Approved
WG State: Active
IESG Responsible AD: Roman Danyliw
Charter edit AD: Roman Danyliw
Send notices to: (None)

Many HTTP web services and APIs depend on a web security infrastructure that:
  * identifies security subjects and regulates their access to services, and
  * provides profile and rights information to applications.

Examples are systems that rely on user-agent session cookies
(RFC 6265) and on OAuth 2.0 (RFC 6749). In order to prevent or mitigate
security risks, or to provide out-of-band information as
necessary, these systems need to share security event messages.
For example, an OAuth authorization server, having received a
token revocation request (RFC 7009), may need to inform affected
resource servers; a cloud provider may wish to inform another
cloud provider of suspected fraudulent use of identity
information; an identity provider may wish to signal a session
logout to a relying party without relying solely upon
clearing a session cookie.

It is expected that several identity and security working groups and
organizations will use Identity Event Tokens to describe area-specific
events such as: SCIM Provisioning Events, OpenID RISC Events, and
OpenID Connect Backchannel Logout, among others.

The Security Events working group will produce a standards-track Event
Token specification that includes:
 - A JWT extension for expressing security events
 - A syntax that enables event-specific data to be conveyed

This Event Token specification will be event transport independent.
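As an added illustration, not part of the charter text, the following Python builds and validates an event token of the kind described above, in the shape the group later standardized as the Security Event Token (RFC 8417): a JWT whose "events" claim carries event-specific data keyed by an event type URI, with a "jti" the receiver uses to reject replays. The shared key, the issuer and audience URLs and the event type URI are constructed placeholders, and HS256 is used only to keep the example standard-library-only.

```python
import base64, hashlib, hmac, json, time, uuid

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint_set(key: bytes, iss: str, aud: str, event_uri: str, event_payload: dict, jti: str = None) -> str:
    """Issuer side: build an HS256-signed SET whose 'events' claim holds one event keyed by its type URI."""
    header = {"typ": "secevent+jwt", "alg": "HS256"}   # SET media type, per RFC 8417
    claims = {
        "iss": iss, "aud": aud, "iat": int(time.time()),
        "jti": jti or uuid.uuid4().hex,          # unique id so the receiver can detect replays
        "events": {event_uri: event_payload},    # event-specific data lives under the event type URI
    }
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)

def validate_set(token: str, key: bytes, expected_iss: str, expected_aud: str, seen_jti: set) -> dict:
    """Receiver side: verify signature, header, issuer, audience and jti freshness.
    Returns the 'events' claim, or raises ValueError; seen_jti is the receiver's replay cache."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h_part, c_part, s_part = parts
    # Check the signature before trusting any claim in the token.
    expected = hmac.new(key, f"{h_part}.{c_part}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s_part)):
        raise ValueError("bad signature")
    header = json.loads(_b64url_decode(h_part))
    if header.get("alg") != "HS256" or header.get("typ") != "secevent+jwt":
        raise ValueError("unexpected header")
    claims = json.loads(_b64url_decode(c_part))
    if claims.get("iss") != expected_iss or claims.get("aud") != expected_aud:
        raise ValueError("wrong issuer or audience")
    jti = claims.get("jti")
    if not jti or jti in seen_jti:
        raise ValueError("missing or replayed jti")
    seen_jti.add(jti)
    events = claims.get("events")
    if not isinstance(events, dict) or not events:
        raise ValueError("no events")
    return events
```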

The working group will also develop a simple standards-track Event
Delivery specification that includes:
 - A mechanism for delivering events using HTTP POST (push)
 - Metadata for describing event feeds
 - Methods for subscribing to and managing event feeds
 - Methods for validating event feed subscriptions