Push And Pull Based Security Event Token (SET) Delivery
draft-tulshibagwale-saag-pushpull-delivery-03

Abstract

This specification defines how multiple Security Event Tokens (SETs) can be delivered and received to and by an intended recipeint using HTTP POST over TLS or WebSocket binding. This specification enabled following two use cases - * In situations where a transmitter of Security Event Tokens (SETs) to a network peer is also a receiver of SETs from the same peer, it is helpful to have an efficient way of sending and receiving SETs in one HTTP transaction. In many cases, such as when using the OpenID Shared Signals Framework (SSF), the situation where each entity is both a transmitter and receiver is getting increasingly common. * In situations where a transmitter of Security Event Tokens (SETs) wants to transmit multiple SETs to the reciever in a single HTTP call. Using current mechanisms such as "Push-Based Delivery of Security Event Tokens (SETs) Using HTTP" or "Poll-Based Delivery of Security Event Tokens (SETs) Using HTTP" both require two or more HTTP connections to exchange SETs between peers. This is inefficient due to the latency of setting up each communication. This specification enables mutiple events to be transmitted in bi-directional transmission and reception of multiple SETs in one HTTP connection, and enables them to do so over a single HTTP or WebSocket binding. About This Document This note is to be removed before publishing as an RFC. The latest revision of this draft can be found at https://sgnl- ai.github.io/pushpull/. Status information for this document may be found at https://datatracker.ietf.org/doc/draft-tulshibagwale-saag- pushpull-delivery/. Source for this draft and an issue tracker can be found at https://github.com/SGNL-ai/pushpull.

Authors

Atul Tulshibagwale
Apoorva Deshpande
Aaron Parecki

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)