M. Scurtescu
A. Backman
Amazon
P. Hunt
Oracle
J. Bradley
Yubico
April 24, 2018
OpenID RISC Event Types 1.0
openid-risc-event-types-1_0
This document defines the RISC Event Types. Event Types are introduced and defined in Security Event Token (SET) [SET].
This specification is based on RISC Profile [RISC-PROFILE] and uses the subject identifiers defined there.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.
The base URI for RISC event types is:
https://schemas.openid.net/secevent/risc/event-type/
Event Type URI:
https://schemas.openid.net/secevent/risc/event-type/account-credential-change-required
Account Credential Change Required signals that the account identified by the subject was required to change a credential. For example, the user was required to go through a password change.
Attributes: none
   {
     "iss": "https://idp.example.com/",
     "jti": "756E69717565206964656E746966696572",
     "iat": 1508184845,
     "aud": "636C69656E745F6964",
     "events": {
       "https://schemas.openid.net/secevent/risc/event-type/account-credential-change-required": {
         "subject": {
           "subject_type": "iss-sub",
           "iss": "https://idp.example.com/",
           "sub": "7375626A656374"
         }
       }
     }
   }
Figure 1: Example: Account Credential Change Required
Event Type URI:
https://schemas.openid.net/secevent/risc/event-type/account-purged
Account Purged signals that the account identified by the subject has been permanently deleted.
Attributes: none
Event Type URI:
https://schemas.openid.net/secevent/risc/event-type/account-disabled
Account Disabled signals that the account identified by the subject has been disabled. The actual reason why the account was disabled might be specified with the nested reason attribute described below. The account may be enabled [account-enabled] in the future.
Attributes:
   {
     "iss": "https://idp.example.com/",
     "jti": "756E69717565206964656E746966696572",
     "iat": 1508184845,
     "aud": "636C69656E745F6964",
     "events": {
       "https://schemas.openid.net/secevent/risc/event-type/account-disabled": {
         "subject": {
           "subject_type": "iss-sub",
           "iss": "https://idp.example.com/",
           "sub": "7375626A656374"
         },
         "reason": "hijacking"
       }
     }
   }
Figure 2: Example: Account Disabled
Event Type URI:
https://schemas.openid.net/secevent/risc/event-type/account-enabled
Account Enabled signals that the account identified by the subject has been enabled.
Attributes: none
Event Type URI:
https://schemas.openid.net/secevent/risc/event-type/identifier-changed
Identifier Changed signals that the identifier specified in the subject has changed. The subject type MUST be either email or phone and it MUST specify the old value.
This event SHOULD be issued only by the provider that is authoritative over the identifier. For example, if the person who owns john.doe@example.com goes through a name change and wants the new john.roe@example.com email, then only the email provider example.com SHOULD issue an Identifier Changed event, as shown in the example below.
If an identifier used as a username or recovery option is changed, at a provider that is not authoritative over that identifier, then Recovery Information Changed [recovery-information-changed] SHOULD be used instead.
Attributes:
   {
     "iss": "https://idp.example.com/",
     "jti": "756E69717565206964656E746966696572",
     "iat": 1508184845,
     "aud": "636C69656E745F6964",
     "events": {
       "https://schemas.openid.net/secevent/risc/event-type/identifier-changed": {
         "subject": {
           "subject_type": "email",
           "email": "john.doe@example.com"
         },
         "new-value": "john.roe@example.com"
       }
     }
   }
The john.doe@example.com email changed to john.roe@example.com.
Figure 3: Example: Identifier Changed
Event Type URI:
https://schemas.openid.net/secevent/risc/event-type/identifier-recycled
Identifier Recycled signals that the identifier specified in the subject was recycled and now it belongs to a new user. The subject type MUST be either email or phone.
Attributes: none
   {
     "iss": "https://idp.example.com/",
     "jti": "756E69717565206964656E746966696572",
     "iat": 1508184845,
     "aud": "636C69656E745F6964",
     "events": {
       "https://schemas.openid.net/secevent/risc/event-type/identifier-recycled": {
         "subject": {
           "subject_type": "email",
           "email": "foo@example.com"
         }
       }
     }
   }
The 'foo@example.com' email address was recycled.
Figure 4: Example: Identifier Recycled
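As an added example (not part of this specification), a receiver-side check that applies the rules above to a decoded SET payload: the claims every figure carries, the event type URI prefix, the subject shape, the email-or-phone restriction on the two identifier events and the new-value attribute of Identifier Changed. The function and constant names are this example's own; the sample payload is Figure 3 reproduced as valid JSON.

```python
RISC_BASE = "https://schemas.openid.net/secevent/risc/event-type/"
# All event types defined in this document, keyed by the part after RISC_BASE.
RISC_EVENTS = {
    "account-credential-change-required", "account-purged", "account-disabled",
    "account-enabled", "identifier-changed", "identifier-recycled", "opt-in",
    "opt-out-initiated", "opt-out-cancelled", "opt-out-effective",
    "recovery-activated", "recovery-information-changed", "sessions-revoked",
}
IDENTIFIER_EVENTS = {"identifier-changed", "identifier-recycled"}  # subject MUST be email or phone
REQUIRED_ATTRS = {"identifier-changed": ("new-value",)}           # per-event required attributes

# Figure 3 of this document as valid JSON (the figure's trailing commas removed).
EXAMPLE_SET = {
    "iss": "https://idp.example.com/", "jti": "756E69717565206964656E746966696572",
    "iat": 1508184845, "aud": "636C69656E745F6964",
    "events": {RISC_BASE + "identifier-changed": {
        "subject": {"subject_type": "email", "email": "john.doe@example.com"},
        "new-value": "john.roe@example.com"}},
}

def lint_risc_set(payload, expected_aud):
    """Return the problems found in a decoded SET payload (empty list = accept).
    Assumes the JWT signature has already been verified by the caller."""
    problems = []
    for claim in ("iss", "jti", "iat", "aud", "events"):
        if claim not in payload:
            problems.append(f"missing claim {claim!r}")
    if problems:
        return problems
    if payload["aud"] != expected_aud:
        problems.append("aud does not name this receiver; do not act on it")
    for uri, body in payload["events"].items():
        name = uri[len(RISC_BASE):] if uri.startswith(RISC_BASE) else None
        if name not in RISC_EVENTS:
            problems.append(f"not a RISC event type defined here: {uri}")
            continue
        subject = body.get("subject") if isinstance(body, dict) else None
        if not isinstance(subject, dict) or "subject_type" not in subject:
            problems.append(f"{name}: missing subject or subject_type")
            continue
        st = subject["subject_type"]
        if name in IDENTIFIER_EVENTS and st not in ("email", "phone"):
            problems.append(f"{name}: subject_type MUST be email or phone, got {st!r}")
        if st == "iss-sub" and not ("iss" in subject and "sub" in subject):
            problems.append(f"{name}: iss-sub subject needs iss and sub")
        for attr in REQUIRED_ATTRS.get(name, ()):
            if attr not in body:
                problems.append(f"{name}: missing required attribute {attr!r}")
    return problems
```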
Users SHOULD be allowed to opt in to and out of RISC events being sent for their accounts. With regard to opt-out, an account can be in one of these three states: opt-in, opt-out-initiated, or opt-out.
State changes trigger Opt-Out Events as represented below:
   +--------+   opt-out-initiated   +-------------------+
   |        +---------------------> |                   |
   | opt-in |                       | opt-out-initiated |
   |        |   opt-out-cancelled   |                   |
   |        | <---------------------+                   |
   +---^----+                       +----------+--------+
       |                                       |
       | opt-in                                | opt-out-effective
       |                                       |
       |                            +----------V--------+
       |                            |                   |
       +----------------------------| opt-out           |
                                    |                   |
                                    +-------------------+
Figure 5: Opt-Out States and Opt-Out Events
Both Transmitters and Receivers SHOULD manage Opt-Out state for users. Transmitters should send the events defined in this section when the Opt-Out state changes.
Event Type URI:
https://schemas.openid.net/secevent/risc/event-type/opt-in
Opt In signals that the account identified by the subject opted into RISC event exchanges. The account is in the opt-in state.
Attributes: none
Event Type URI:
https://schemas.openid.net/secevent/risc/event-type/opt-out-initiated
Opt Out Initiated signals that the account identified by the subject has initiated opting out of RISC event exchanges. The account is in the opt-out-initiated state.
Attributes: none
Event Type URI:
https://schemas.openid.net/secevent/risc/event-type/opt-out-cancelled
Opt Out Cancelled signals that the account identified by the subject cancelled the opt out from RISC event exchanges. The account is in the opt-in state.
Attributes: none
Event Type URI:
https://schemas.openid.net/secevent/risc/event-type/opt-out-effective
Opt Out Effective signals that the account identified by the subject was effectively opted out from RISC event exchanges. The account is in the opt-out state.
Attributes: none
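The state machine of Figure 5, together with the Transmitter's duty to send the matching event when the state changes, written out as an added example (not code from this specification). It assumes that an account with no recorded Opt-Out state is treated as opt-in; the names OptOutStateMachine and build_opt_out_set are this example's own.

```python
import secrets
import time

RISC_BASE = "https://schemas.openid.net/secevent/risc/event-type/"
OPT_OUT_EVENTS = {"opt-in", "opt-out-initiated", "opt-out-cancelled", "opt-out-effective"}

# Legal transitions from Figure 5: (current state, event) -> next state.
# Any pair not listed here is out of order and is rejected rather than applied.
OPT_OUT_TRANSITIONS = {
    ("opt-in", "opt-out-initiated"): "opt-out-initiated",
    ("opt-out-initiated", "opt-out-cancelled"): "opt-in",
    ("opt-out-initiated", "opt-out-effective"): "opt-out",
    ("opt-out", "opt-in"): "opt-in",
}

def next_opt_out_state(current, event):
    """Return the state reached from `current` on `event`; ValueError if not allowed."""
    try:
        return OPT_OUT_TRANSITIONS[(current, event)]
    except KeyError:
        raise ValueError(f"{event!r} is not valid in state {current!r}") from None

class OptOutStateMachine:
    """Per-account Opt-Out state for a Transmitter or Receiver.
    Assumption (not stated in the spec): an account with no recorded state is opt-in."""
    def __init__(self):
        self._states = {}

    def state(self, account):
        return self._states.get(account, "opt-in")

    def apply(self, account, event):
        """Move `account` along the Figure 5 transition named by `event`."""
        self._states[account] = next_opt_out_state(self.state(account), event)
        return self._states[account]

def build_opt_out_set(issuer, audience, account_sub, event):
    """Build the SET payload a Transmitter sends when an account's Opt-Out state changes.
    The subject is an iss-sub identifier for `account_sub` at `issuer`; signing the
    payload into a JWT is left to the caller's SET library."""
    if event not in OPT_OUT_EVENTS:
        raise ValueError(f"{event!r} is not an Opt-Out event")
    return {
        "iss": issuer,
        "jti": secrets.token_hex(16),  # unique per SET, like the jti values in the examples
        "iat": int(time.time()),
        "aud": audience,
        "events": {RISC_BASE + event: {"subject":
            {"subject_type": "iss-sub", "iss": issuer, "sub": account_sub}}},
    }
```

A Transmitter calls apply() when the user acts and then sends the payload from build_opt_out_set() for the same event; a Receiver calls apply() with the event name taken from an incoming SET.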
Event Type URI:
https://schemas.openid.net/secevent/risc/event-type/recovery-activated
Recovery Activated signals that the account identified by the subject activated a recovery flow.
Attributes: none
Event Type URI:
https://schemas.openid.net/secevent/risc/event-type/recovery-information-changed
Recovery Information Changed signals that the account identified by the subject has changed some of its recovery information. For example a recovery email address was added or removed.
Attributes: none
Event Type URI:
https://schemas.openid.net/secevent/risc/event-type/sessions-revoked
Sessions Revoked signals that all the sessions for the account identified by the subject have been revoked.
Attributes: none
[JSON] Bray, T., "The JavaScript Object Notation (JSON) Data Interchange Format", RFC 7159, DOI 10.17487/RFC7159, March 2014.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017.
[RISC-PROFILE] Scurtescu, M., Backman, A. and J. Bradley, "OpenID RISC Profile of IETF Security Events 1.0", April 2018.
[SET] Hunt, P., Jones, M., Denniss, W. and M. Ansari, "Security Event Token (SET)", April 2018.