From: The IESG <iesg-secretary@ietf.org>
To: "IETF-Announce" <ietf-announce@ietf.org>
Cc: id-event@ietf.org
Subject: WG Review: Security Events (secevent)

A new IETF WG has been proposed in the Security Area. The IESG has not
made any determination yet. The following draft charter was submitted,
and is provided for informational purposes only. Please send your
comments to the IESG mailing list (iesg@ietf.org) by 2016-10-24.

Security Events (secevent)
-----------------------------------------------------------------------
Current status: Proposed WG

Chairs:
  TBD

Assigned Area Director:
  Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>

Security Area Directors:
  Stephen Farrell <stephen.farrell@cs.tcd.ie>
  Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>

Mailing list:
  Address: id-event@ietf.org
  To subscribe: https://www.ietf.org/mailman/listinfo/id-event
  Archive: https://mailarchive.ietf.org/arch/browse/id-event/

Charter: https://datatracker.ietf.org/doc/charter-ietf-secevent/

Many identity related protocols require a mechanism to convey messages
between systems in order to prevent or mitigate security risks, or to
provide out-of-band information as necessary. For example, an OAuth
authorization server, having received a token revocation request
(RFC7009) may need to inform affected resource servers; a cloud provider
may wish to inform another cloud provider of suspected fraudulent use of
identity information; an identity provider may wish to signal a session
logout to a relying party.

It is expected that several identity and security working groups and
organizations will use Identity Event Tokens to describe area-specific
events such as: SCIM Provisioning Events, OpenID RISC Events, and
OpenID Connect Backchannel Logout, among others.

The Security Events working group will produce a standards-track Event
Token specification that includes:
- A JWT extension for expressing security events
- A syntax that enables event-specific data to be conveyed

This Event Token specification will be event transport independent.

The working group will also develop a simple standards-track Event
Delivery specification that includes:
- A method for delivering events using HTTP POST (push)
- Metadata for describing event feeds
- Methods for subscribing to and managing event feeds
- Methods for validating event feed subscriptions

Milestones:
Oct 2016 - Initial adoption of event token and event delivery drafts
Feb 2017 - WG last call of event token draft
Apr 2017 - Event token draft to IESG as a Proposed Standard
Jul 2017 - WG last call of event delivery draft
Sep 2017 - Event delivery draft to IESG as a Proposed Standard
Nov 2017 - Recharter or Conclude
WG Action Announcement
From: The IESG <iesg-secretary@ietf.org>
To: "IETF-Announce" <ietf-announce@ietf.org>
Cc: secevent-chairs@ietf.org,
"The IESG" <iesg@ietf.org>,
id-event@ietf.org
Subject: WG Action: Formed Security Events (secevent)

A new IETF WG has been formed in the Security Area. For additional
information, please contact the Area Directors or the WG Chair.

Security Events (secevent)
-----------------------------------------------------------------------
Current status: Proposed WG

Chairs:
  Yoav Nir <ynir.ietf@gmail.com>

Assigned Area Director:
  Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>

Security Area Directors:
  Stephen Farrell <stephen.farrell@cs.tcd.ie>
  Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>

Mailing list:
  Address: id-event@ietf.org
  To subscribe: https://www.ietf.org/mailman/listinfo/id-event
  Archive: https://mailarchive.ietf.org/arch/browse/id-event/

Charter: https://datatracker.ietf.org/doc/charter-ietf-secevent/

Many HTTP web services and APIs depend on a web security infrastructure
that:
* identifies security subjects and regulates their access to services
* and provides profile and rights information to applications.

Examples are systems that leverage user-agent session cookies
(RFC6265), and OAuth2 (RFC6749). In order to prevent or mitigate
security risks, or to provide out-of-band information as
necessary, these systems need to share security event messages.
For example, an OAuth authorization server, having received a
token revocation request (RFC7009) may need to inform affected
resource servers; a cloud provider may wish to inform another
cloud provider of suspected fraudulent use of identity
information; an identity provider may wish to signal a session
logout to a relying party and does not wish to rely solely upon
clearing a session cookie.

It is expected that several identity and security working groups and
organizations will use Identity Event Tokens to describe area-specific
events such as: SCIM Provisioning Events, OpenID RISC Events, and
OpenID Connect Backchannel Logout, among others.

The Security Events working group will produce a standards-track Event
Token specification that includes:
- A JWT extension for expressing security events
- A syntax that enables event-specific data to be conveyed

This Event Token specification will be event transport independent.

The working group will also develop a simple standards-track Event
Delivery specification that includes:
- A mechanism for delivering events using HTTP POST (push)
- Metadata for describing event feeds
- Methods for subscribing to and managing event feeds
- Methods for validating event feed subscriptions

Milestones:
Feb 2017 - Initial adoption of event token and event delivery drafts
Jun 2017 - WG last call of event token draft
Aug 2017 - Event token draft to IESG as a Proposed Standard
Nov 2017 - WG last call of event delivery draft
Jan 2018 - Event delivery draft to IESG as a Proposed Standard
Mar 2018 - Recharter or Conclude