Network Working Group                                       P. Hunt, Ed.
Internet-Draft                                                    Oracle
Intended status: Standards Track                              W. Denniss
Expires: September 21, 2016                                       Google
                                                               M. Ansari
                                                                   Cisco
                                                          March 20, 2016


                          Identity Event Token
                      draft-hunt-idevent-token-00

Abstract

   This specification defines an Identity Event token which may be
   distributed via a protocol such as HTTP.  An identity event token is
   based on the JSON Web Token and may be optionally signed and/or
   encrypted.  It describes a statement of fact that may be shared by an
   event publisher with registered subscribers.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 21, 2016.

Copyright Notice

   Copyright (c) 2016 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must



Hunt, et al.           Expires September 21, 2016               [Page 1]


Internet-Draft          draft-hunt-idevent-token              March 2016


   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction and Overview . . . . . . . . . . . . . . . . . .   2
     1.1.  Notational Conventions  . . . . . . . . . . . . . . . . .   4
     1.2.  Definitions . . . . . . . . . . . . . . . . . . . . . . .   4
   2.  Events  . . . . . . . . . . . . . . . . . . . . . . . . . . .   5
     2.1.  Core Event Attributes . . . . . . . . . . . . . . . . . .   6
     2.2.  Event Token Construction  . . . . . . . . . . . . . . . .   8
   3.  Security Considerations . . . . . . . . . . . . . . . . . . .  11
   4.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  11
     4.1.  Registration of Event URN Sub-namespace . . . . . . . . .  11
     4.2.  Event Registry  . . . . . . . . . . . . . . . . . . . . .  11
   5.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  12
     5.1.  Normative References  . . . . . . . . . . . . . . . . . .  12
     5.2.  Informative References  . . . . . . . . . . . . . . . . .  12
   Appendix A.  Contributors . . . . . . . . . . . . . . . . . . . .  13
   Appendix B.  Acknowledgments  . . . . . . . . . . . . . . . . . .  13
   Appendix C.  Change Log . . . . . . . . . . . . . . . . . . . . .  13
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  13

1.  Introduction and Overview

   This specification defines an extensible event token format which may
   be exchanged using protocols such as HTTP.  The specification builds
   on the JSON Web Token format [RFC7519] in order to provide a self-
   contained message "token" that can be optionally signed using JSON
   Web Signature [RFC7515] and/or encrypted using JSON Web Encryption
   [RFC7516].

   For the purpose of this specification an "event" is a statement of
   fact by a publisher (also known as an issuer) that the state of a
   resource it controls has changed in some way (explicitly or
   implicitly).  Based on some agreed upon criteria for an event feed,
   the publisher distributes the event to the appropriate subscribers.

   [[Background: to be removed from final specification]]At the time of
   writing of this specifications there are several discussions
   regarding the need for identity events.  Some of these include:

   o  Events to allow SCIM resource co-ordination between SCIM domains.

   o  OAuth Token Revocation (see [RFC7009])

   o  OpenID Logout or downstream logout notification.



Hunt, et al.           Expires September 21, 2016               [Page 2]


Internet-Draft          draft-hunt-idevent-token              March 2016


   o  Session Cancellation

   o  OpenID Risk Incident Sharing and Coordination (RISC) Events.  See
      [RISC]

   o  The HEART WG [HEART] which intends to define privacy and security
      related events in health-related data sharing APIs.

   This specification uses example SCIM events which are intended to be
   non-normative for the purpose of showing how an event may be used in
   practice.

   A resource state change event typically includes explicit operation
   events such as: a resource has been created, modified, removed, or
   updated in some way.

   In addition to explicit operations there may be higher-level
   statements made that describe an effect resulting from a change.  For
   example, a publisher may wish to indicate that a user resource has
   taken over an email identifier that may have been used in the past.
   This cumulative event is a high-level statement that takes into
   account that another resource had a personal identifier that
   potentially conflicts with a newer resource.  Because of the security
   impact, the publisher wishes to notify its subscribers of the
   identifier re-use.  In this way, the event is not describing a
   particular state change to a resource, it describes a meta-conclusion
   based on its own business and security rules (this scenario is often
   called an 'account take-over' event).

   A subscriber having received an event, validates and interprets the
   event and takes its own independent action, if any.  For example,
   having been informed of a personal identifier now being associated
   with a different resource (i.e. is being used by someone-else), the
   subscriber may choose to ensure that the new user is not granted
   access to resources associated with the previous user.

   Events SHOULD NOT be used to convey commands or requests.  To do so
   requires complex bi-directional signalling and error recovery
   mechanisms which fall outside the scope of this specification.  The
   intent of this specification is to define a way of exchanging
   historical statements of fact that subscribers may interpret for
   their own use.

   This specification is scoped to security and identity related events.
   While event tokens may be used for other purposes, the specification
   only considers security and privacy concerns relevant to identity and
   personal information.




Hunt, et al.           Expires September 21, 2016               [Page 3]


Internet-Draft          draft-hunt-idevent-token              March 2016


   This specification may be optionally used with the identity event
   subscription management specification which provides the details of
   event feeds and how subscribers register for events(see
   [idevent-subscription]), defines a protocol registry for event
   transmission methods including transmission using HTTP.

1.1.  Notational Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].  These
   keywords are capitalized when used to unambiguously specify
   requirements of the protocol or application features and behavior
   that affect the interoperability and security of implementations.
   When these words are not capitalized, they are meant in their
   natural-language sense.

   For purposes of readability examples are not URL encoded.
   Implementers MUST percent encode URLs as described in Section 2.1 of
   [RFC3986].

   Throughout this documents all figures MAY contain spaces and extra
   line-wrapping for readability and space limitations.  Similarly, some
   URI's contained within examples, have been shortened for space and
   readability reasons.

1.2.  Definitions

   The following definitions are used with Identity Events:

   Feed Publisher
      The Feed Provider publishes events to be distributed to registered
      subscribers.  In JWT terminology, the Feed Publisher is also known
      as the issuer "iss").

   Event
      An event is a resource change statement that is to be distributed
      to one or more registered subscribers.  An event is constructed as
      a JWT token and MAY be signed or encrypted using JWS/JWE for
      authentication and confidentiality reasons.

   Feed
      A feed is a URI that describes the set of resources and events
      under which events may be issued.  An interested client registers
      with the Feed Provider to subscribe to events associated with a
      feed.  When expressed in a JWT token, a feed is defined as the
      event's audience ("aud").




Hunt, et al.           Expires September 21, 2016               [Page 4]


Internet-Draft          draft-hunt-idevent-token              March 2016


   Subscriber
      A Subscriber registers to receive event notifications from a Feed
      Provider using a protocol such as HTTP.

2.  Events

   An identity event conveys a message (in the form of a JWT token
   [RFC7519]) about a resource (i.e. a security subject) that may be of
   interest to a subscriber or set of subscribers participating in an
   event feed (see [idevent-subscription]).

   In addition to the JWT attributes "iss" and "aud", an event message
   contains the attribute "eventUris" with at least one value containing
   the URI prefix "urn:ietf:params:event:".  The event URI values
   indicate what event information (attributes) and what type of event
   (e.g. resource modified) is contained in the event message.  The
   definition of registered events are found in the event registry (see
   Section 4.2).

   The attribute "resourceUris" specifies one or more affected resources
   which are the subject of the event.

   The schema and structure of an event follows the JWT [RFC7519].  An
   event JWT has the following characteristics:

   o  a common set of attributes common to every event, and

   o  one or more event extensions that each contain a set of attributes
      that belonging to an extension.






















Hunt, et al.           Expires September 21, 2016               [Page 5]


Internet-Draft          draft-hunt-idevent-token              March 2016


   The following is a non-normative example showing a password change
   event that conveys a SCIM event (see [idevent-scim]):

   {
     "jti": "3d0c3cf797584bd193bd0fb1bd4e7d30",
     "eventUris":[
       "urn:ietf:params:event:SCIM:password",
       "urn:ietf:params:event:extension:example.com:password"
     ],
     "iat": 1458496025,
     "iss": "https://scim.example.com",
     "aud":[
       "https://jhub.example.com/Feeds/98d52461fa5bbc879593b7754",
       "https://jhub.example.com/Feeds/5d7604516b1d08641d7676ee7"
     ],
     "sub":
       "https://scim.example.com/Users/44f6142df96bd6ab61e7521d9",
     "urn:ietf:params:event:SCIM:password":{
       "id":"44f6142df96bd6ab61e7521d9",
     },
     "urn:ietf:params:event:extension:example.com:password":{
        "resetAttempts":5
     }
   }

                Figure 1: Example SCIM Password Reset Event

   The event in the figure above expresses hypothetical password reset
   event for SCIM.  The JWT consists of an "iss" attribute which denotes
   the event publisher.  The "aud" attribute specifies the intended
   audience for the event.  In practical terms this MAY be the the URI
   for the event feed that a client has subscribed to.

   Additional extensions to an event may be added by adding more values
   to the "eventUris" attribute.  For each event URI value specified,
   there is a corresponding attribute that has its on JSON object that
   contains the attributes associated with that event (e.g.
   "urn:ietf:params:event:extension:example.com:password").  In this
   example, the SCIM event indicates that a password has been updated
   and the current password reset count is 5.  Notice that the value for
   "resetAttempts" is actually part of its own JSON object
   "urn:ietf:params:event:extension:example.com:password".

2.1.  Core Event Attributes

   The following are attributes that are based on [RFC7519] claim
   definitions and are profiled for use in an event message:




Hunt, et al.           Expires September 21, 2016               [Page 6]


Internet-Draft          draft-hunt-idevent-token              March 2016


   jti
      As defined by Section 4.1.7 [RFC7519] contains a unique identifier
      for an event.  The identifier SHOULD be unique within a particular
      event feed and MAY be used by clients to track whether a
      particular event has already been received.  This attribute is
      REQUIRED.  [[Do we need a way to detect order of or missing
      events?  Or should this be provided by the subscription spec?]]

   iss
      A single valued String containing the URI of the service provider
      publishing the event (the issuer).  For example, in SCIM, this is
      the SCIM Service Provider's root endpoint.  This attribute is
      REQUIRED.

   aud
      A multi-valued String containing the URIs representing the
      audience of the event.  Values are typically URLs of the feeds the
      event is associated with.  When an event has multiple audiences
      that go to the same subscriber, the publisher is not obligated to
      deliver repeated events to the same subscriber.  This attribute is
      RECOMMENDED.

   iss
      A single valued String containing the URI of the service provider
      publishing the event (the issuer).  For example, in SCIM
      [RFC7644], this is the SCIM Service Provider's root endpoint.
      This attribute is REQUIRED.

   sub
      A value that identifies the subject of the event.  This SHOULD be
      the URI of the affected resource.  Some example resources include:
      users, tokens, grants, sessions, and any addressable resource
      about which a change in state may be described.  This attribute is
      REQUIRED.

   iat
      As defined by Section 4.1.6 [RFC7519], a value containing a
      NumericDate which represents when the event was issued.  Unless
      otherwise specified, the value SHOULD be interpreted by the
      subscriber as equivalent to the actual time of the event.  This
      attribute is REQUIRED.  [[DISCUSS: DO WE NEED TO DIFFERENTIATE?]]

   nbf
      As defined by Section 4.1.5 [RFC7519], a value containing a
      NumericDate which represents a future date when the event will
      occur.  This attribute is OPTIONAL.

   The following are new attributes defined by this specification:



Hunt, et al.           Expires September 21, 2016               [Page 7]


Internet-Draft          draft-hunt-idevent-token              March 2016


   eventUris
      A multi-valued String that contains the URIs of events contained
      within the JWT.  Values in this attribute further indicate what
      other JSON objects are present within the parent JSON event
      structure.  Each OPTIONAL JSON sub-object is denoted by an
      attribute that matches a value in "eventUris".  This attribute is
      REQUIRED.

2.2.  Event Token Construction

   An Event Token is a JWT [RFC7519] that is constructed by building a
   JSON structure that constitutes an event object and which is then
   used as the body of a JWT.

   While this specification uses JWT to convey an event message,
   implementers SHALL NOT use these events to convey authentication or
   authorization assertions.


































Hunt, et al.           Expires September 21, 2016               [Page 8]


Internet-Draft          draft-hunt-idevent-token              March 2016


   The following is an example event message(it has been modified for
   readability):

   {
     "jti": "4d3559ec67504aaba65d40b0363faad8",
     "eventUris":[
       "urn:ietf:params:event:SCIM:create"
     ],
     "iat": 1458496404,
     "iss": "https://scim.example.com",
     "aud":[
      "https://scim.example.com/Feeds/98d52461fa5bbc879593b7754",
      "https://scim.example.com/Feeds/5d7604516b1d08641d7676ee7"
     ],
     "sub": "https://scim.example.com/Users/44f6142df96bd6ab61e7521d9",
     "urn:ietf:params:event:SCIM:create":{
       "attributes":["id","name","userName","password","emails"],
       "values":{
         "emails":[
          {"type":"work","value":"jdoe@example.com"}
         ],
         "password":"not4u2no",
         "userName":"jdoe",
         "id":"44f6142df96bd6ab61e7521d9",
         "name":{
           "givenName":"John",
           "familyName":"Doe"
         }
       }
     }
   }

                     Figure 2: Example Event JSON Data

   When transmitted, the above JSON body must be converted into a JWT as
   per [RFC7519].  In this example, because the event contains attribute
   values, the token MUST be encrypted per JWE (see [RFC7516]) before
   transmission.

   The following is an example of a SCIM Event expressed in an unsecured
   JWT token.  The JWT header of:

   {"alg":"none"}

   Base64url encoding of the octets of the UTF-8 representation of the
   header yields:

   eyJhbGciOiJub25lIn0



Hunt, et al.           Expires September 21, 2016               [Page 9]


Internet-Draft          draft-hunt-idevent-token              March 2016


   The example JSON Event Data is encoded as follows:

   eyAgCiAgImp0aSI6ICI0ZDM1NTllYzY3NTA0YWFiYTY1ZDQwYjAzNjNmYWFkOCIs
   CiAgImV2ZW50VXJpcyI6WwogICAgInVybjppZXRmOnBhcmFtczpldmVudDpTQ0lN
   OmNyZWF0ZSIKICBdLAogICJpYXQiOiAxNDU4NDk2NDA0LAogICJpc3MiOiAiaHR0
   cHM6Ly9zY2ltLmV4YW1wbGUuY29tIiwgIAogICJhdWQiOlsKICAgImh0dHBzOi8v
   c2NpbS5leGFtcGxlLmNvbS9GZWVkcy85OGQ1MjQ2MWZhNWJiYzg3OTU5M2I3NzU0
   IiwKICAgImh0dHBzOi8vc2NpbS5leGFtcGxlLmNvbS9GZWVkcy81ZDc2MDQ1MTZi
   MWQwODY0MWQ3Njc2ZWU3IgogIF0sICAKICAic3ViIjogImh0dHBzOi8vc2NpbS5l
   eGFtcGxlLmNvbS9Vc2Vycy80NGY2MTQyZGY5NmJkNmFiNjFlNzUyMWQ5IiwKICAi
   dXJuOmlldGY6cGFyYW1zOmV2ZW50OlNDSU06Y3JlYXRlIjp7CiAgICAiYXR0cmli
   dXRlcyI6WyJpZCIsIm5hbWUiLCJ1c2VyTmFtZSIsInBhc3N3b3JkIiwiZW1haWxz
   Il0sCiAgICAidmFsdWVzIjp7CiAgICAgICJlbWFpbHMiOlsKICAgICAgIHsidHlw
   ZSI6IndvcmsiLCJ2YWx1ZSI6Impkb2VAZXhhbXBsZS5jb20ifQogICAgICBdLAog
   ICAgICAicGFzc3dvcmQiOiJub3Q0dTJubyIsCiAgICAgICJ1c2VyTmFtZSI6Impk
   b2UiLAogICAgICAiaWQiOiI0NGY2MTQyZGY5NmJkNmFiNjFlNzUyMWQ5IiwKICAg
   ICAgIm5hbWUiOnsKICAgICAgICAiZ2l2ZW5OYW1lIjoiSm9obiIsCiAgICAgICAg
   ImZhbWlseU5hbWUiOiJEb2UiCiAgICAgIH0KICAgIH0gIAogIH0KfQ

   The encoded JWS signature is the empty string.  Concatenating the
   parts yields:

   eyJhbGciOiJub25lIn0
   .
   eyAgCiAgImp0aSI6ICI0ZDM1NTllYzY3NTA0YWFiYTY1ZDQwYjAzNjNmYWFkOCIs
   CiAgImV2ZW50VXJpcyI6WwogICAgInVybjppZXRmOnBhcmFtczpldmVudDpTQ0lN
   OmNyZWF0ZSIKICBdLAogICJpYXQiOiAxNDU4NDk2NDA0LAogICJpc3MiOiAiaHR0
   cHM6Ly9zY2ltLmV4YW1wbGUuY29tIiwgIAogICJhdWQiOlsKICAgImh0dHBzOi8v
   c2NpbS5leGFtcGxlLmNvbS9GZWVkcy85OGQ1MjQ2MWZhNWJiYzg3OTU5M2I3NzU0
   IiwKICAgImh0dHBzOi8vc2NpbS5leGFtcGxlLmNvbS9GZWVkcy81ZDc2MDQ1MTZi
   MWQwODY0MWQ3Njc2ZWU3IgogIF0sICAKICAic3ViIjogImh0dHBzOi8vc2NpbS5l
   eGFtcGxlLmNvbS9Vc2Vycy80NGY2MTQyZGY5NmJkNmFiNjFlNzUyMWQ5IiwKICAi
   dXJuOmlldGY6cGFyYW1zOmV2ZW50OlNDSU06Y3JlYXRlIjp7CiAgICAiYXR0cmli
   dXRlcyI6WyJpZCIsIm5hbWUiLCJ1c2VyTmFtZSIsInBhc3N3b3JkIiwiZW1haWxz
   Il0sCiAgICAidmFsdWVzIjp7CiAgICAgICJlbWFpbHMiOlsKICAgICAgIHsidHlw
   ZSI6IndvcmsiLCJ2YWx1ZSI6Impkb2VAZXhhbXBsZS5jb20ifQogICAgICBdLAog
   ICAgICAicGFzc3dvcmQiOiJub3Q0dTJubyIsCiAgICAgICJ1c2VyTmFtZSI6Impk
   b2UiLAogICAgICAiaWQiOiI0NGY2MTQyZGY5NmJkNmFiNjFlNzUyMWQ5IiwKICAg
   ICAgIm5hbWUiOnsKICAgICAgICAiZ2l2ZW5OYW1lIjoiSm9obiIsCiAgICAgICAg
   ImZhbWlseU5hbWUiOiJEb2UiCiAgICAgIH0KICAgIH0gIAogIH0KfQ.

                  Figure 3: Example Unsecured Event Token

   To create and or validate a signed or encrypted event token follow
   the instructions in section 7 of [RFC7519].






Hunt, et al.           Expires September 21, 2016              [Page 10]


Internet-Draft          draft-hunt-idevent-token              March 2016


3.  Security Considerations

   [[TO BE COMPLETED ]]

   o  Avoid using Maximal disclosure mode

   o  Use TLS best practices.

   o  Subscribers SHOULD use SCIM GET to obtain full state when not
      disclosed in the event.

   o  Subscribers MAY use SCIM GET to get the latest state on a resource
      and discard events with iat and nbf that is older.

   o  Subscribers must authenticae the message using either TLS, and/or
      validating signed event messages.

   o  Publishers should avoid retaining events except for audit
      purposes.  Events should not be accessible indefinitely - re: LDAP
      changelog problems.

4.  IANA Considerations

4.1.  Registration of Event URN Sub-namespace

   IANA has added an entry to the "IETF URN Sub-namespace for Registered
   Protocol Parameter Identifiers" registry and created a sub-namespace
   for the Registered Parameter Identifier as per [RFC3553]:
   "urn:ietf:params:event".

   To manage this sub-namespace, IANA is requested to create the "Event"
   Registry which shall be used to manage entries within the
   "urn:ietf:params:scim" namespace.  The registry description is as
   follows:

   o  Registry name: Event

   o  Specification: [this document]

   o  Repository: [see Section 4.2]

   o  Index value: values [see Section 4.2]

4.2.  Event Registry

   [[TO BE COMPLETED]]





Hunt, et al.           Expires September 21, 2016              [Page 11]


Internet-Draft          draft-hunt-idevent-token              March 2016


5.  References

5.1.  Normative References

   [idevent-subscription]
              Oracle Corporation, "Identity Event Subscription Protocol
              (work in progress)".

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <http://www.rfc-editor.org/info/rfc2119>.

   [RFC3553]  Mealling, M., Masinter, L., Hardie, T., and G. Klyne, "An
              IETF URN Sub-namespace for Registered Protocol
              Parameters", BCP 73, RFC 3553, DOI 10.17487/RFC3553, June
              2003, <http://www.rfc-editor.org/info/rfc3553>.

   [RFC3986]  Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
              Resource Identifier (URI): Generic Syntax", STD 66,
              RFC 3986, DOI 10.17487/RFC3986, January 2005,
              <http://www.rfc-editor.org/info/rfc3986>.

   [RFC5988]  Nottingham, M., "Web Linking", RFC 5988,
              DOI 10.17487/RFC5988, October 2010,
              <http://www.rfc-editor.org/info/rfc5988>.

   [RFC7159]  Bray, T., Ed., "The JavaScript Object Notation (JSON) Data
              Interchange Format", RFC 7159, DOI 10.17487/RFC7159, March
              2014, <http://www.rfc-editor.org/info/rfc7159>.

   [RFC7519]  Jones, M., Bradley, J., and N. Sakimura, "JSON Web Token
              (JWT)", RFC 7519, DOI 10.17487/RFC7519, May 2015,
              <http://www.rfc-editor.org/info/rfc7519>.

   [RFC7643]  Hunt, P., Ed., Grizzle, K., Wahlstroem, E., and C.
              Mortimore, "System for Cross-domain Identity Management:
              Core Schema", RFC 7643, DOI 10.17487/RFC7643, September
              2015, <http://www.rfc-editor.org/info/rfc7643>.

5.2.  Informative References

   [HEART]    The OpenId Foundation, "HEART Working Group (work in
              progress)".

   [idevent-scim]
              Oracle Corporation, "SCIM Event Extensions (work in
              progress)".



Hunt, et al.           Expires September 21, 2016              [Page 12]


Internet-Draft          draft-hunt-idevent-token              March 2016


   [RFC7009]  Lodderstedt, T., Ed., Dronia, S., and M. Scurtescu, "OAuth
              2.0 Token Revocation", RFC 7009, DOI 10.17487/RFC7009,
              August 2013, <http://www.rfc-editor.org/info/rfc7009>.

   [RFC7515]  Jones, M., Bradley, J., and N. Sakimura, "JSON Web
              Signature (JWS)", RFC 7515, DOI 10.17487/RFC7515, May
              2015, <http://www.rfc-editor.org/info/rfc7515>.

   [RFC7516]  Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)",
              RFC 7516, DOI 10.17487/RFC7516, May 2015,
              <http://www.rfc-editor.org/info/rfc7516>.

   [RFC7517]  Jones, M., "JSON Web Key (JWK)", RFC 7517,
              DOI 10.17487/RFC7517, May 2015,
              <http://www.rfc-editor.org/info/rfc7517>.

   [RFC7644]  Hunt, P., Ed., Grizzle, K., Ansari, M., Wahlstroem, E.,
              and C. Mortimore, "System for Cross-domain Identity
              Management: Protocol", RFC 7644, DOI 10.17487/RFC7644,
              September 2015, <http://www.rfc-editor.org/info/rfc7644>.

   [RISC]     The OpenId Foundation, "RISC (Risk and Incident Sharing
              and Coordination) Working Group (work in progress)".

Appendix A.  Contributors

Appendix B.  Acknowledgments

   The editor would like to thank the participants in the id-events
   mailing list and related working groups for their support of this
   specification.

Appendix C.  Change Log

   Draft 00 - PH - First Draft

Authors' Addresses

   Phil Hunt (editor)
   Oracle Corporation

   Email: phil.hunt@yahoo.com


   William Denniss
   Salesforce.com

   Email: wdenniss@google.com



Hunt, et al.           Expires September 21, 2016              [Page 13]


Internet-Draft          draft-hunt-idevent-token              March 2016


   Morteza Ansari
   Cisco

   Email: morteza.ansari@cisco.com















































Hunt, et al.           Expires September 21, 2016              [Page 14]