Skip to main content

Push And Pull Based Security Event Token (SET) Delivery
draft-tulshibagwale-saag-pushpull-delivery-00

Document Type Active Internet-Draft (individual)
Author Atul Tulshibagwale
Last updated 2024-09-05
RFC stream (None)
Intended RFC status (None)
Formats
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state I-D Exists
Telechat date (None)
Responsible AD (None)
Send notices to (None)
draft-tulshibagwale-saag-pushpull-delivery-00
saag                                                    A. Tulshibagwale
Internet-Draft                                                      SGNL
Intended status: Informational                          5 September 2024
Expires: 9 March 2025

        Push And Pull Based Security Event Token (SET) Delivery
             draft-tulshibagwale-saag-pushpull-delivery-00

Abstract

   In situations where a transmitter of Security Event Tokens (SETs) to
   a network peer is also a receiver of SETs from the same peer, it is
   helpful to have an efficient way of sending and receiving SETs in one
   HTTP transaction.  Using current mechanisms such as "Push-Based
   Delivery of Security Event Tokens (SETs) Using HTTP" or "Poll-Based
   Delivery of Security Event Tokens (SETs) Using HTTP" both require two
   or more HTTP connections to exchange SETs between peers.  In many
   cases, such as when using the OpenID Shared Signals Framework (SSF),
   the situation where each entity is both a transmitter and receiver is
   getting increasingly common.  In addition, this specification enables
   the transmission and reception of multiple SETs in one HTTP
   connection.

About This Document

   This note is to be removed before publishing as an RFC.

   The latest revision of this draft can be found at https://sgnl-
   ai.github.io/pushpull/.  Status information for this document may be
   found at https://datatracker.ietf.org/doc/draft-tulshibagwale-saag-
   pushpull-delivery/.

   Source for this draft and an issue tracker can be found at
   https://github.com/SGNL-ai/pushpull.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

Tulshibagwale             Expires 9 March 2025                  [Page 1]
Internet-Draft                  pushpull                  September 2024

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 9 March 2025.

Copyright Notice

   Copyright (c) 2024 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Revised BSD License text as
   described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Revised BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
   2.  Notational Conventions  . . . . . . . . . . . . . . . . . . .   3
   3.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . .   3
   4.  Pushpull Endpoint . . . . . . . . . . . . . . . . . . . . . .   4
   5.  Communication Object  . . . . . . . . . . . . . . . . . . . .   4
     5.1.  Example . . . . . . . . . . . . . . . . . . . . . . . . .   5
   6.  HTTP Request Response Binding . . . . . . . . . . . . . . . .   6
     6.1.  Initiating Communication  . . . . . . . . . . . . . . . .   6
     6.2.  Response Communication  . . . . . . . . . . . . . . . . .   6
       6.2.1.  Success Response  . . . . . . . . . . . . . . . . . .   6
       6.2.2.  Error Response  . . . . . . . . . . . . . . . . . . .   6
       6.2.3.  Out Of Order Responses  . . . . . . . . . . . . . . .   7
     6.3.  Example Request and Response  . . . . . . . . . . . . . .   7
       6.3.1.  Request . . . . . . . . . . . . . . . . . . . . . . .   7
       6.3.2.  Response  . . . . . . . . . . . . . . . . . . . . . .   9
   7.  WebSocket Binding . . . . . . . . . . . . . . . . . . . . . .   9
     7.1.  Using WebSockets  . . . . . . . . . . . . . . . . . . . .  10
       7.1.1.  Pushpull Subprotocol Handshake  . . . . . . . . . . .  10
   8.  Authentication and Authorization  . . . . . . . . . . . . . .  10
   9.  Delivery Reliability  . . . . . . . . . . . . . . . . . . . .  11
   10. All SETs Accounted For  . . . . . . . . . . . . . . . . . . .  11
   11. Uniqueness of SETs  . . . . . . . . . . . . . . . . . . . . .  11
   12. Security Considerations . . . . . . . . . . . . . . . . . . .  11
     12.1.  Authentication and Authorization . . . . . . . . . . . .  11
     12.2.  HTTP and TLS . . . . . . . . . . . . . . . . . . . . . .  12

Tulshibagwale             Expires 9 March 2025                  [Page 2]
Internet-Draft                  pushpull                  September 2024

     12.3.  Denial of Service  . . . . . . . . . . . . . . . . . . .  12
     12.4.  Temporary Disconnection  . . . . . . . . . . . . . . . .  12
   13. Privacy Considerations  . . . . . . . . . . . . . . . . . . .  12
   14. IANA Considerations . . . . . . . . . . . . . . . . . . . . .  12
   15. Normative References  . . . . . . . . . . . . . . . . . . . .  12
   Contributors  . . . . . . . . . . . . . . . . . . . . . . . . . .  14
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .  14

1.  Introduction

   Workloads that exchange SETs [RFC8417] with each other
   ("Transceivers") can do so efficiently using the protocol defined in
   this specification.  Although this specification works along the
   lines of the DeliveryPush [RFC8935] and DeliveryPoll [RFC8936]
   specifications, it makes a few important additions:

   *  A Transceiver initiating a communication can send multiple SETs in
      one HTTP connection to a Peer

   *  The Transceiver initiating communication can acknowledge
      previously received SETs in the same HTTP connection to the Peer

   *  The Peer responding to the communication can send multiple SETs in
      its response to a connection from the Transceiver

   *  The Peer responding to the communication can acknowledge
      previously received SETs in its response to the Transceiver

2.  Notational Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

3.  Terminology

   Transceiver  A networked workload that can act both as a transmitter
      of SETs and a receiver of SETs.  It communicates with other
      trusted Transceivers to transmit and receive SETs using the
      protocol defined herein.

   Peer  Another name for a Transceiver, used to signify the other end
      of the communication from a Transceiver.

   Initiator  A Transceiver initiating communication with a Peer.

Tulshibagwale             Expires 9 March 2025                  [Page 3]
Internet-Draft                  pushpull                  September 2024

   Responder  A Transceiver responding to communication from a Peer.

   DeliveryPush  The IETF RFC titled "Push-Based Delivery of Security
      Event Tokens (SETs) Using HTTP" [RFC8935].

   DeliveryPoll  The IETF RFC titled "Poll-Based Delivery of Security
      Event Tokens (SETs) Using HTTP" [RFC8936].

4.  Pushpull Endpoint

   Each Transceiver that supports this specification MUST support a
   "Pushpull" endpoint.  This endpoint MUST be capable of serving HTTP
   [RFC9110] requests.  This endpoint MUST be TLS [RFC8446] enabled and
   MUST reject any communication not using TLS.

5.  Communication Object

   A Communication Object is a JSON object [RFC8259], and is a unit of
   communication used in this specification used both in requests and
   responses.  When used in a request, the Initiator MAY have additional
   fields defined the later sections below.  The common fields of this
   object are:

   sets  OPTIONAL.  A JSON object containing key-value pairs in which
      the key of a field is a string that contains the jti value of the
      SET that is specified in the value of the field.  This field MAY
      be omitted to indicate that no SETs are being delivered by the
      initiator in this communication.

   ack  OPTIONAL.  An array of strings, in which each string is the jti
      value of a previously received SET that is acknowledged in this
      object.  This array MAY be empty or this field MAY be omitted to
      indicate that no previously received SETs are being acknowledged
      in this communication.

   setErrs  OPTIONAL.  A JSON object containing key-value pairs in which
      the key of a field is a string that contains the jti value of a
      previously received SET that the sender of the communication
      object was unable to process.  The value of the field is a JSON
      object that has the following fields:

      err  OPTIONAL.  The short reason why the specified SET failed to
         be processed.

      description  OPTIONAL.  An explanation of why the SET failed to be
         processed.

Tulshibagwale             Expires 9 March 2025                  [Page 4]
Internet-Draft                  pushpull                  September 2024

5.1.  Example

   The following is a non-normative example of a Communication Object

   {
     "sets": {
       "4d3559ec67504aaba65d40b0363faad8":
       "eyJhbGciOiJub25lIn0.
       eyJqdGkiOiI0ZDM1NTllYzY3NTA0YWFiYTY1ZDQwYjAzNjNmYWFkOCIsImlhdC
       I6MTQ1ODQ5NjQwNCwiaXNzIjoiaHR0cHM6Ly9zY2ltLmV4YW1wbGUuY29tIiwi
       YXVkIjpbImh0dHBzOi8vc2NpbS5leGFtcGxlLmNvbS9GZWVkcy85OGQ1MjQ2MW
       ZhNWJiYzg3OTU5M2I3NzU0IiwiaHR0cHM6Ly9zY2ltLmV4YW1wbGUuY29tL0Zl
       ZWRzLzVkNzYwNDUxNmIxZDA4NjQxZDc2NzZlZTciXSwiZXZlbnRzIjp7InVybj
       ppZXRmOnBhcmFtczpzY2ltOmV2ZW50OmNyZWF0ZSI6eyJyZWYiOiJodHRwczov
       L3NjaW0uZXhhbXBsZS5jb20vVXNlcnMvNDRmNjE0MmRmOTZiZDZhYjYxZTc1Mj
       FkOSIsImF0dHJpYnV0ZXMiOlsiaWQiLCJuYW1lIiwidXNlck5hbWUiLCJwYXNz
       d29yZCIsImVtYWlscyJdfX19.",
       "3d0c3cf797584bd193bd0fb1bd4e7d30":
       "eyJhbGciOiJub25lIn0.
       eyJqdGkiOiIzZDBjM2NmNzk3NTg0YmQxOTNiZDBmYjFiZDRlN2QzMCIsImlhdC
       I6MTQ1ODQ5NjAyNSwiaXNzIjoiaHR0cHM6Ly9zY2ltLmV4YW1wbGUuY29tIiwi
       YXVkIjpbImh0dHBzOi8vamh1Yi5leGFtcGxlLmNvbS9GZWVkcy85OGQ1MjQ2MW
       ZhNWJiYzg3OTU5M2I3NzU0IiwiaHR0cHM6Ly9qaHViLmV4YW1wbGUuY29tL0Zl
       ZWRzLzVkNzYwNDUxNmIxZDA4NjQxZDc2NzZlZTciXSwic3ViIjoiaHR0cHM6Ly
       9zY2ltLmV4YW1wbGUuY29tL1VzZXJzLzQ0ZjYxNDJkZjk2YmQ2YWI2MWU3NTIx
       ZDkiLCJldmVudHMiOnsidXJuOmlldGY6cGFyYW1zOnNjaW06ZXZlbnQ6cGFzc3
       dvcmRSZXNldCI6eyJpZCI6IjQ0ZjYxNDJkZjk2YmQ2YWI2MWU3NTIxZDkifSwi
       aHR0cHM6Ly9leGFtcGxlLmNvbS9zY2ltL2V2ZW50L3Bhc3N3b3JkUmVzZXRFeH
       QiOnsicmVzZXRBdHRlbXB0cyI6NX19fQ."
     },
     "ack": [
       "f52901c4-3996-11ef-9454-0242ac120002",
       "0636e274-3997-11ef-9454-0242ac120002",
       "d563c724-79a0-4ff0-ba41-657fa5e2cb11"
     ],
     "setErrs": {
       "5c436b19-0958-4367-b408-2dd542606d3b" : {
         "err": "invalid subject",
         "description": "subject format not supported"
       }
     }
   }

                Figure 1: Example of a Communication Object

Tulshibagwale             Expires 9 March 2025                  [Page 5]
Internet-Draft                  pushpull                  September 2024

6.  HTTP Request Response Binding

   This section describes how Transceivers can use HTTP Requests and
   Responses to exchange Communication Objects described in Section 5.

6.1.  Initiating Communication

   A Transceiver can initiate communication with a Peer in order to:

   *  Acknowledge previously received SETs from the Peer.

   *  Send SETs to the Peer.

   *  Both acknowledge previously received SETs from the Peer and send
      SETs to the Peer.

   To initiate communication, the Initiator makes a HTTP POST request to
   the Responder's Pushpull Endpoint Section 4.  The body of this
   request is of the content type "application/json".  It contains a
   Communication Object Section 5, and the following additional field
   MAY be present:

   maxResponseEvents  OPTIONAL.  A number which specifies the maximum
      number of events the Responder can include in its response to the
      Initiator.  If this field is absent in the request, the Responder
      MAY include any number of events in the response.  If this field
      is present, then the Responder MUST NOT include more events than
      the value of "maxResponseEvents" in its response to the specific
      request.

6.2.  Response Communication

   A Responder MUST respond to a communication from an Initiator by
   sending an HTTP Response.

6.2.1.  Success Response

   If the Responder is successful in processing the request, it MUST
   return the HTTP status code 200 (OK).  The response MUST have the
   content-type "application/json" and the response MUST include a
   Communication Object Section 5.

6.2.2.  Error Response

   The Responder MUST respond with an error response if it is unable to
   process the request.  The error response MUST include the appropriate
   error code as described in Section 2.4 of DeliveryPush [RFC8935].

Tulshibagwale             Expires 9 March 2025                  [Page 6]
Internet-Draft                  pushpull                  September 2024

6.2.3.  Out Of Order Responses

   A Communication Object in a Response may contain jti values in its
   ack or setErrs that do not correspond to the SETs received in the
   same Request to which the Response is being sent.  They MAY consist
   of values received in previous Requests.

6.3.  Example Request and Response

   The following is a non-normative example of a request and its
   corresponding response

6.3.1.  Request

Tulshibagwale             Expires 9 March 2025                  [Page 7]
Internet-Draft                  pushpull                  September 2024

   POST /pushpull-endpoint HTTP/1.1
   Host: sharedsignals-transceiver.myorg.example
   Content-type: application/json
   Authorization: Bearer eyJraWQiOiIyMDIwXzEiLCJJhbGciOiJSUzI1NiJ9...

   {
     "ack": [],
     "sets": {
       "4d3559ec67504aaba65d40b0363faad8":
       "eyJhbGciOiJub25lIn0.
       eyJqdGkiOiI0ZDM1NTllYzY3NTA0YWFiYTY1ZDQwYjAzNjNmYWFkOCIsImlhdC
       I6MTQ1ODQ5NjQwNCwiaXNzIjoiaHR0cHM6Ly9zY2ltLmV4YW1wbGUuY29tIiwi
       YXVkIjpbImh0dHBzOi8vc2NpbS5leGFtcGxlLmNvbS9GZWVkcy85OGQ1MjQ2MW
       ZhNWJiYzg3OTU5M2I3NzU0IiwiaHR0cHM6Ly9zY2ltLmV4YW1wbGUuY29tL0Zl
       ZWRzLzVkNzYwNDUxNmIxZDA4NjQxZDc2NzZlZTciXSwiZXZlbnRzIjp7InVybj
       ppZXRmOnBhcmFtczpzY2ltOmV2ZW50OmNyZWF0ZSI6eyJyZWYiOiJodHRwczov
       L3NjaW0uZXhhbXBsZS5jb20vVXNlcnMvNDRmNjE0MmRmOTZiZDZhYjYxZTc1Mj
       FkOSIsImF0dHJpYnV0ZXMiOlsiaWQiLCJuYW1lIiwidXNlck5hbWUiLCJwYXNz
       d29yZCIsImVtYWlscyJdfX19.",
       "3d0c3cf797584bd193bd0fb1bd4e7d30":
       "eyJhbGciOiJub25lIn0.
       eyJqdGkiOiIzZDBjM2NmNzk3NTg0YmQxOTNiZDBmYjFiZDRlN2QzMCIsImlhdC
       I6MTQ1ODQ5NjAyNSwiaXNzIjoiaHR0cHM6Ly9zY2ltLmV4YW1wbGUuY29tIiwi
       YXVkIjpbImh0dHBzOi8vamh1Yi5leGFtcGxlLmNvbS9GZWVkcy85OGQ1MjQ2MW
       ZhNWJiYzg3OTU5M2I3NzU0IiwiaHR0cHM6Ly9qaHViLmV4YW1wbGUuY29tL0Zl
       ZWRzLzVkNzYwNDUxNmIxZDA4NjQxZDc2NzZlZTciXSwic3ViIjoiaHR0cHM6Ly
       9zY2ltLmV4YW1wbGUuY29tL1VzZXJzLzQ0ZjYxNDJkZjk2YmQ2YWI2MWU3NTIx
       ZDkiLCJldmVudHMiOnsidXJuOmlldGY6cGFyYW1zOnNjaW06ZXZlbnQ6cGFzc3
       dvcmRSZXNldCI6eyJpZCI6IjQ0ZjYxNDJkZjk2YmQ2YWI2MWU3NTIxZDkifSwi
       aHR0cHM6Ly9leGFtcGxlLmNvbS9zY2ltL2V2ZW50L3Bhc3N3b3JkUmVzZXRFeH
       QiOnsicmVzZXRBdHRlbXB0cyI6NX19fQ."
     },
     "setErrs": {
       "5c436b19-0958-4367-b408-2dd542606d3b" : {
         "err": "invalid subject",
         "description": "subject format not supported"
       }
     },
     "maxResponseEvents": 10
   }

                     Figure 2: Example Pushpull request

   In the above example request, the Initiator does acknowledge any
   previous events.  Delivers two SETs and reports an error on a
   previously received SET.

Tulshibagwale             Expires 9 March 2025                  [Page 8]
Internet-Draft                  pushpull                  September 2024

6.3.2.  Response

   The following is a non-normative example of a response:

   HTTP/1.1 200 OK
   Content-type: application/json

   {
     "ack": [
       "3d0c3cf797584bd193bd0fb1bd4e7d30"
     ],
     "sets": {
       "756E69717565206964656E746966696572":
       "eyJ0eXAiOiJzZWNldmVudCtqd3QiLCJhbGciOiJIUzI1NiJ9Cg.
     eyJpc3MiOiJodHRwczovL2lkcC5leGFtcGxlLmNvbS8iLCJqdGkiOiI3NTZFNjk
     3MTc1NjUyMDY5NjQ2NTZFNzQ2OTY2Njk2NTcyIiwiaWF0IjoxNTA4MTg0ODQ1LC
     JhdWQiOiI2MzZDNjk2NTZFNzQ1RjY5NjQiLCJldmVudHMiOnsiaHR0cHM6Ly9zY
     2hlbWFzLm9wZW5pZC5uZXQvc2VjZXZlbnQvcmlzYy9ldmVudC10eXBlL2FjY291
     bnQtZGlzYWJsZWQiOnsic3ViamVjdCI6eyJzdWJqZWN0X3R5cGUiOiJpc3Mtc3V
     iIiwiaXNzIjoiaHR0cHM6Ly9pZHAuZXhhbXBsZS5jb20vIiwic3ViIjoiNzM3NT
     YyNkE2NTYzNzQifSwicmVhc29uIjoiaGlqYWNraW5nIn19fQ.
     Y4rXxMD406P2edv00cr9Wf3_XwNtLjB9n-jTqN1_lLc"
     }
   }

                    Figure 3: Example Pushpull response

   In the above example, the Responder acknowledges one of the SETs it
   previously received and provides a SET to deliver to the initiator.
   There are no errors reported by the Responder.

7.  WebSocket Binding

   Transceivers MAY use WebSockets [RFC6455] to send and receive
   Communication Objects described in Section 5.  Since WebSockets are a
   symmetric protocol, a Transceiver MAY send a Communication Object at
   any time to its Peer.  In such communication, a Transceiver sends a
   Communication Object as Payload data over the WebSocket protocol to a
   Peer.  Similarly, a Transceiver MAY receive a Communication Object
   from a Peer over a WebSocket connection, wherein the Communication
   Object is the Payload data.  In all such WebSocket communication, the
   Payload data does not have any Extension data in it.

Tulshibagwale             Expires 9 March 2025                  [Page 9]
Internet-Draft                  pushpull                  September 2024

7.1.  Using WebSockets

   During any communication initiated by a Transceiver, the Transceiver
   MAY request the Peer to use WebSockets [RFC6455] by requesting that
   the connection be upgraded to a WebSocket connection.  If the
   Transceiver and its Peer can successfully perform the WebSocket
   handshake for the Pushpull Subprotocol described in Section 7.1.1,
   then the Transceiver and Peer MUST use WebSockets until the
   connection is closed.  If the handshake fails, the Transceiver and
   Peer MAY use the HTTP Request Response Binding as described in
   Section 6

7.1.1.  Pushpull Subprotocol Handshake

   The Pushpull subprotocol is used to transport Communication Objects
   Section 5 over a WebSocket connection.  The Transceiver and its Peer
   agree to this subprotocol during the WebSocket handshake (see
   Section 1.3 of [RFC6455]).

   During the Websocket handshake, the Initiator MUST include the value
   pushpull in the list of protocols for the Sec-WebSocket-Protocol
   header.  The reply from the Responder MUST also include the value
   pushpull in the list of values in its own Sec-WebSocket-Protocol
   header, in order for the Initiator and Responder to use WebSockets.

8.  Authentication and Authorization

   The Initiator MUST verify the identity of the Responder by validating
   the TLS certification presented by the Responder, and verifying that
   it is the intended recipient of the request, before sending the
   Communication Object Section 5.

   The Initiator MUST attempt to obtain the OAuth Protected Resource
   Metadata [OPRM] for the Responder endpoint.  If such metadata is
   found, the Initiator MUST obtain an access token using the metadata.
   If no such metadata is found, then the Initiator MAY use any means to
   authorize itself to the Responder.

   The Responder MUST verify the identity and authorization of the
   Initiator.  The Responder MAY use OAuth Protected Resource Metadata
   [OPRM] for this purpose, but the Responder MAY use other means to
   authorize the Initiator, which are beyond the scope of this
   specification.

Tulshibagwale             Expires 9 March 2025                 [Page 10]
Internet-Draft                  pushpull                  September 2024

9.  Delivery Reliability

   A Transceiver MUST attempt to deliver any SETs it has previously
   attempted to deliver to a Peer until: * It receives an
   acknowledgement through the ack value for that SET in a subsequent
   communication with the Peer * It receives a setErrs object for that
   SET in a subsequent communication with the Peer * It has attempted to
   deliver the SET a maximum number of times and has failed to
   communicate either due to communication errors or lack of inclusion
   in ack or setErrs in subsequent communications that were conducted
   for the maximum number of times.  The maximum number of attempts MAY
   be set by the Transceiver for itself and SHOULD be communicated
   offline to the Peers.

   If a Transceiver previously attempted to deliver a SET in a response
   to a Peer's request, the Transceiver MAY Initiate a request to the
   Peer in order to retry delivery of the SET.  A Peer MUST be able to
   either provide acks or setErrs for the same SETs either through
   requests or responses.

10.  All SETs Accounted For

   A Transceiver MUST ensure that it includes the jti value of each SET
   it receives, either in an ack or a setErrs value, to the Transceiver
   from which it received the SETs.  A Transceiver SHOULD retry sending
   the same SET again if it was never responded to either in an ack
   value or in a setErrs value by a receiving Transceiver in a
   reasonable time period.  A Transceiver MAY limit the number of times
   it retries sending a SET.  A Transceiver MAY publish the retry time
   period and maximum number of retries to its peers, but such
   publication is outside the scope of this specification.

11.  Uniqueness of SETs

   A Transceiver MUST NOT send two SETs with the same jti value if the
   SET has been either acknowledged through ack value or produced an
   error indicated by a setErrs value.  If a Transceiver wishes to re-
   send an event after it has received a error response through a
   setErrs value, then it MUST generate a new SET that has a new (and
   unique) jti value.

12.  Security Considerations

12.1.  Authentication and Authorization

   Transceivers MUST follow the procedures described in section
   Section 8 in order to securely authenticate and authorize Peers

Tulshibagwale             Expires 9 March 2025                 [Page 11]
Internet-Draft                  pushpull                  September 2024

12.2.  HTTP and TLS

   Transceivers MUST use TLS [RFC8446] to communicate with Peers and is
   subject to the security considerations of HTTP [RFC9110] Section 17.

12.3.  Denial of Service

   A Responder may be vulnerable to denial of service attacks wherein a
   large number of spurious requests need to be processed.  Having
   efficient authorization mechanisms such as OAuth 2.0 [RFC6749] can
   mitigate such attacks by leveraging standard infrastructure that is
   designed to handle such attacks.

12.4.  Temporary Disconnection

   Transceivers must make sure they respond to each SET received in a
   timely manner as described in the "All SETs Accounted For" section
   Section 10.  This ensures that if there was a temporary disconnection
   between two Transceivers, say when a Responding Transceiver sent a
   Communication Object in the HTTP Response, that such disconnection is
   detected and the missing SETs can be retried.

13.  Privacy Considerations

   SETs may contain confidential information, and Transceivers receiving
   SETs must be careful not to log such content or ensure that sensitive
   information from the SET is redacted before logging.

14.  IANA Considerations

   The following WebSocket subprotocol will be added to the "WebSocket
   Subprotocol Name Registry" [IANA.WebSocket.Subprotocol]

   *  Subprotocol Identifier: puhspull

   *  Subprotocol Common Name: WebSocket transport for Pushpull delivery
      of SETs

   *  Subprotocol Definition: Section Section 7.1.1 of this document.

15.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/rfc/rfc2119>.

Tulshibagwale             Expires 9 March 2025                 [Page 12]
Internet-Draft                  pushpull                  September 2024

   [RFC6455]  Fette, I. and A. Melnikov, "The WebSocket Protocol",
              RFC 6455, DOI 10.17487/RFC6455, December 2011,
              <https://www.rfc-editor.org/rfc/rfc6455>.

   [RFC6749]  Hardt, D., Ed., "The OAuth 2.0 Authorization Framework",
              RFC 6749, DOI 10.17487/RFC6749, October 2012,
              <https://www.rfc-editor.org/rfc/rfc6749>.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017, <https://www.rfc-editor.org/rfc/rfc8174>.

   [RFC8259]  Bray, T., Ed., "The JavaScript Object Notation (JSON) Data
              Interchange Format", STD 90, RFC 8259,
              DOI 10.17487/RFC8259, December 2017,
              <https://www.rfc-editor.org/rfc/rfc8259>.

   [RFC8417]  Hunt, P., Ed., Jones, M., Denniss, W., and M. Ansari,
              "Security Event Token (SET)", RFC 8417,
              DOI 10.17487/RFC8417, July 2018,
              <https://www.rfc-editor.org/rfc/rfc8417>.

   [RFC8446]  Rescorla, E., "The Transport Layer Security (TLS) Protocol
              Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018,
              <https://www.rfc-editor.org/rfc/rfc8446>.

   [RFC8935]  Backman, A., Ed., Jones, M., Ed., Scurtescu, M., Ansari,
              M., and A. Nadalin, "Push-Based Security Event Token (SET)
              Delivery Using HTTP", RFC 8935, DOI 10.17487/RFC8935,
              November 2020, <https://www.rfc-editor.org/rfc/rfc8935>.

   [RFC8936]  Backman, A., Ed., Jones, M., Ed., Scurtescu, M., Ansari,
              M., and A. Nadalin, "Poll-Based Security Event Token (SET)
              Delivery Using HTTP", RFC 8936, DOI 10.17487/RFC8936,
              November 2020, <https://www.rfc-editor.org/rfc/rfc8936>.

   [RFC9110]  Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke,
              Ed., "HTTP Semantics", STD 97, RFC 9110,
              DOI 10.17487/RFC9110, June 2022,
              <https://www.rfc-editor.org/rfc/rfc9110>.

   [OPRM]     Jones, M. B., Hunt, P., and A. Parecki, "OAuth 2.0
              Protected Resource Metadata", May 2024,
              <https://datatracker.ietf.org/doc/draft-ietf-oauth-
              resource-metadata/>.

Tulshibagwale             Expires 9 March 2025                 [Page 13]
Internet-Draft                  pushpull                  September 2024

   [IANA.WebSocket.Subprotocol]
              IANA, "WebSocket Subprotocol Name Registry", n.d.,
              <https://www.iana.org/assignments/websocket/
              websocket.xml#subprotocol-name>.

Contributors

   Erik Gustavson
   SGNL
   Email: erik@sgnl.ai

   Apoorva Deshpande
   Okta
   Email: apoorva.deshpande@okta.com

Author's Address

   Atul Tulshibagwale
   SGNL
   Email: atul@sgnl.ai

Tulshibagwale             Expires 9 March 2025                 [Page 14]