Minutes IETF97: secevent
minutes-97-secevent-00

Meeting Minutes Security Events (secevent) WG
Date and time 2016-11-16 02:10
Title Minutes IETF97: secevent
State Active
Last updated 2016-11-23

IETF97: Minutes of the secevent session
======================================

The SecEvent working group met for the first time. The chair recapped history 
of the working group formation and current WG status. Only a handful of people 
read the WG drafts prior to the meeting.

Presentations:
    
RISC: 
Marius Scurtescu presented about Risk and Incident Sharing and Coordination
More info at http://openid.net/wg/risc/
There were no comments from the audience.

OIDC Back-Channel Logout use case for SET:
Mike Jones presented. 
More info at http://openid.net/specs/openid-connect-backchannel-1_0.html
No substantive comments

Security Event Drafts: 
Phil Hunt presented
Justin Richer: Placement of Issuer and Subject in the tokens. Makes sense here 
(IdP is generating the logout message itself), but needs to be generalised for 
cases where third party sends events. Complex topic, needs offline discussion.
Slides:
        Background:
        SCIM events - good for single-master events, but not multi-master
        work going on on multi-master synchronisation
        SCIM shut down - so need a new place to continue work
        set of events was similar to what RISC presentation had
        Idea: there are multiple approaches to the same problem - can this be 
           reconciled into a core protocol?
        SET Distribution HTTP POST, which needs to be parsed and checked before 
           returning OK

Kathleen Moriarty: in early stage, so let's consider broad set of options: what 
   about XMPP Grid? Has pub/sub support, more than ten vendors doing it. XMPP 
   Grid works bidirectionally, and supports multitude of data formats.
Nancy Cam-Winget: Confirmed XMPP details. Needs secevents to clarify what their
   requirements re bilateralness are, but should be a good match.
Kathleen Moriarty: On STIX/TAXII. STIX is huge effort, might end up using something 
   like this. TAXII some kind of transport, maybe too complex/bloated; keep 
   hearing that it doesn't work. STIX and this work can co-exist; no need to 
   merge into STIX.
Ben ... : "verify" operation: what is the scope? Scope is limited to verify 
   that parsing of the events works, and map to an account; not about verifying 
   the account itself (i.e. not checking existence of an email address property 
   etc.)
Remote Comment: Empty HTTP 202 response means "OK"? Shouldn't there be a JSON 
   object inside?
John Bradley: Subject to WG discussion. Personally in favour of an empty 
   message.
Conclusion: Will be put into draft; can be changed during WG process at any 
   time.
John Bradley: Should claims be in the object? Does subject have to be in the 
   object? Subject at top-level, mostly for legacy reasons. Issue can be 
   discussed on the list.

Conclusions from Chair:
    no humming, as too few people have read drafts. Please read drafts.
    Discussions should please happen on-list.
    There was some criticism on existence of the WG, but only one offering such
    criticism is here, so...
Bob: Great place for /Identity/ security events. It is difficult to follow 
    discussions as an outsider. Data models for the work here would be very 
    useful to assess applicability in other areas (e.g. IoT).
Kathleen Moriarty: Probably just a naming problem: wg "security events" may 
   suggest larger scope. WG names not very important in the long run.
Yaron Sheffer: How about a use case document? Could shed light on the lingering 
   privacy issues.
Kathleen Moriarty: Request for more/new working group chairs.
Justin Richer: Driving force and main use case: transaction approval (not only 
   re identity, also "release medical record" type).
William Denniss: JWT is an IETF specification, so this use of it is also inside the process.