updated text to reflect sub_id as a top-level field in verification and stream updated events

tulshi · tulshi · commit 7c83df440d55 · 2023-07-20T11:23:02.000-07:00
diff --git a/openid-sharedsignals-framework-1_0.html b/openid-sharedsignals-framework-1_0.html
@@ -3790,40 +3790,35 @@ <h4 id="name-verification">
             <h5 id="name-verification-event">
 <a href="#section-7.1.4.1" class="section-number selfRef">7.1.4.1. </a><a href="#name-verification-event" class="section-name selfRef">Verification Event</a>
             </h5>
-<p id="section-7.1.4.1-1">The Verification Event is a standard SET with the following attributes:<a href="#section-7.1.4.1-1" class="pilcrow">¶</a></p>
-<p id="section-7.1.4.1-2">event type<a href="#section-7.1.4.1-2" class="pilcrow">¶</a></p>
+<p id="section-7.1.4.1-1">The Verification Event is a SSF Event with the event type: "https://schemas.openid.net/secevent/ssf/event-type/verification". The event contains the following attribute:<a href="#section-7.1.4.1-1" class="pilcrow">¶</a></p>
+<p id="section-7.1.4.1-2">state<a href="#section-7.1.4.1-2" class="pilcrow">¶</a></p>
 <ul class="normal ulEmpty">
 <li class="normal ulEmpty" id="section-7.1.4.1-3.1">
-                <p id="section-7.1.4.1-3.1.1">The Event Type URI is: "https://schemas.openid.net/secevent/ssf/event-type/verification".<a href="#section-7.1.4.1-3.1.1" class="pilcrow">¶</a></p>
+                <p id="section-7.1.4.1-3.1.1">OPTIONAL An opaque value provided by the Event Receiver when the event is
+  triggered.<a href="#section-7.1.4.1-3.1.1" class="pilcrow">¶</a></p>
 </li>
             </ul>
-<p id="section-7.1.4.1-4">state<a href="#section-7.1.4.1-4" class="pilcrow">¶</a></p>
+<p id="section-7.1.4.1-4">As with any SSF event, the Verification Event has a top-level <code>sub_id</code> claim:<a href="#section-7.1.4.1-4" class="pilcrow">¶</a></p>
+<p id="section-7.1.4.1-5">sub_id<a href="#section-7.1.4.1-5" class="pilcrow">¶</a></p>
 <ul class="normal ulEmpty">
-<li class="normal ulEmpty" id="section-7.1.4.1-5.1">
-                <p id="section-7.1.4.1-5.1.1">OPTIONAL An opaque value provided by the Event Receiver when the event is
-  triggered. This is a nested attribute in the event payload.<a href="#section-7.1.4.1-5.1.1" class="pilcrow">¶</a></p>
+<li class="normal ulEmpty" id="section-7.1.4.1-6.1">
+                <p id="section-7.1.4.1-6.1.1">REQUIRED. The value of the top-level <code>sub_id</code> claim in a Verification Event MUST always be set to have a simple value of type <code>opaque</code>. The <code>id</code> of the value MUST be the <code>stream_id</code> of the stream being verified.<a href="#section-7.1.4.1-6.1.1" class="pilcrow">¶</a></p>
 </li>
             </ul>
-<p id="section-7.1.4.1-6">sub_id<a href="#section-7.1.4.1-6" class="pilcrow">¶</a></p>
 <ul class="normal ulEmpty">
 <li class="normal ulEmpty" id="section-7.1.4.1-7.1">
-                <p id="section-7.1.4.1-7.1.1">REQUIRED. The value of the top-level <code>sub_id</code> claim in a Verification Event MUST always be set to have a simple value of type <code>opaque</code>. The <code>id</code> of the value MUST be the <code>stream_id</code> of the stream being verified.<a href="#section-7.1.4.1-7.1.1" class="pilcrow">¶</a></p>
+                <p id="section-7.1.4.1-7.1.1">Note that the subject that identifies a stream itself is always implicitly
+  added to the stream and MAY NOT be removed from the stream.<a href="#section-7.1.4.1-7.1.1" class="pilcrow">¶</a></p>
 </li>
             </ul>
-<ul class="normal ulEmpty">
-<li class="normal ulEmpty" id="section-7.1.4.1-8.1">
-                <p id="section-7.1.4.1-8.1.1">Note that the subject that identifies a stream itself is always implicitly
-  added to the stream and MAY NOT be removed from the stream.<a href="#section-7.1.4.1-8.1.1" class="pilcrow">¶</a></p>
-</li>
-            </ul>
-<p id="section-7.1.4.1-9">Upon receiving a Verification Event, the Event Receiver SHALL parse the SET and
+<p id="section-7.1.4.1-8">Upon receiving a Verification Event, the Event Receiver SHALL parse the SET and
 validate its claims. In particular, the Event Receiver SHALL confirm that the
 value for "state" is as expected. If the value of "state" does not match, an
 error response of "setData" SHOULD be returned (see Section 2.3 of
-<span>[<a href="#DELIVERYPUSH" class="cite xref">DELIVERYPUSH</a>]</span> or <span>[<a href="#DELIVERYPOLL" class="cite xref">DELIVERYPOLL</a>]</span>).<a href="#section-7.1.4.1-9" class="pilcrow">¶</a></p>
-<p id="section-7.1.4.1-10">In many cases, Event Transmitters MAY disable or suspend an Event Stream that
+<span>[<a href="#DELIVERYPUSH" class="cite xref">DELIVERYPUSH</a>]</span> or <span>[<a href="#DELIVERYPOLL" class="cite xref">DELIVERYPOLL</a>]</span>).<a href="#section-7.1.4.1-8" class="pilcrow">¶</a></p>
+<p id="section-7.1.4.1-9">In many cases, Event Transmitters MAY disable or suspend an Event Stream that
 fails to successfully verify based on the acknowledgement or lack of
-acknowledgement by the Event Receiver.<a href="#section-7.1.4.1-10" class="pilcrow">¶</a></p>
+acknowledgement by the Event Receiver.<a href="#section-7.1.4.1-9" class="pilcrow">¶</a></p>
 </section>
 </div>
 <div id="triggering-a-verification-event">
@@ -3989,30 +3984,26 @@ <h4 id="name-stream-updated-event">
   status.<a href="#section-7.1.5-8.1.1" class="pilcrow">¶</a></p>
 </li>
           </ul>
-<p id="section-7.1.5-9">sub_id<a href="#section-7.1.5-9" class="pilcrow">¶</a></p>
+<p id="section-7.1.5-9">As with any SSF Event, this event has a top-level <code>sub_id</code> claim:<a href="#section-7.1.5-9" class="pilcrow">¶</a></p>
+<p id="section-7.1.5-10">sub_id<a href="#section-7.1.5-10" class="pilcrow">¶</a></p>
 <ul class="normal ulEmpty">
-<li class="normal ulEmpty" id="section-7.1.5-10.1">
-              <p id="section-7.1.5-10.1.1">REQUIRED. The top-level <code>sub_id</code> claim specifies the Subject Principal for whom the status has been updated.
+<li class="normal ulEmpty" id="section-7.1.5-11.1">
+              <p id="section-7.1.5-11.1.1">REQUIRED. The top-level <code>sub_id</code> claim specifies the Subject Principal for whom the status has been updated.
   If the event applies to the entire stream, the value of the <code>sub_id</code> field
   MUST be of format <code>opaque</code>, and its <code>id</code> value MUST be the unique ID of the
-  stream.<a href="#section-7.1.5-10.1.1" class="pilcrow">¶</a></p>
-</li>
-          </ul>
-<ul class="normal ulEmpty">
-<li class="normal ulEmpty" id="section-7.1.5-11.1">
-              <p id="section-7.1.5-11.1.1">Note that the subject that identifies a stream itself is always implicitly
-  added to the stream and MAY NOT be removed from the stream.<a href="#section-7.1.5-11.1.1" class="pilcrow">¶</a></p>
+  stream.<a href="#section-7.1.5-11.1.1" class="pilcrow">¶</a></p>
 </li>
           </ul>
 <ul class="normal ulEmpty">
 <li class="normal ulEmpty" id="section-7.1.5-12.1">
-              <p id="section-7.1.5-12.1.1">Below is a non-normative example of a <code>stream-updated</code> event with a specific
-  subject.<a href="#section-7.1.5-12.1.1" class="pilcrow">¶</a></p>
+              <p id="section-7.1.5-12.1.1">Note that the subject that identifies a stream itself is always implicitly
+  added to the stream and MAY NOT be removed from the stream.<a href="#section-7.1.5-12.1.1" class="pilcrow">¶</a></p>
 </li>
           </ul>
+<p id="section-7.1.5-13">Below is a non-normative example of a <code>stream-updated</code> event with a specific subject.<a href="#section-7.1.5-13" class="pilcrow">¶</a></p>
 <span id="name-example-stream-updated-set-"></span><div id="figstreamupdatedset">
 <figure id="figure-41">
-            <div class="lang-json sourcecode" id="section-7.1.5-13.1">
+            <div class="lang-json sourcecode" id="section-7.1.5-14.1">
 <pre>
 {
   "jti": "123456",
@@ -4041,14 +4032,14 @@ <h4 id="name-stream-updated-event">
             </figcaption></figure>
 </div>
 <ul class="normal ulEmpty">
-<li class="normal ulEmpty" id="section-7.1.5-14.1">
-              <p id="section-7.1.5-14.1.1">Below is a non-normative example of a <code>stream-updated</code> event with a stream
-  subject.<a href="#section-7.1.5-14.1.1" class="pilcrow">¶</a></p>
+<li class="normal ulEmpty" id="section-7.1.5-15.1">
+              <p id="section-7.1.5-15.1.1">Below is a non-normative example of a <code>stream-updated</code> event with a stream
+  subject.<a href="#section-7.1.5-15.1.1" class="pilcrow">¶</a></p>
 </li>
           </ul>
 <span id="name-example-stream-updated-set-w"></span><div id="figstreamupdatedstreamset">
 <figure id="figure-42">
-            <div class="lang-json sourcecode" id="section-7.1.5-15.1">
+            <div class="lang-json sourcecode" id="section-7.1.5-16.1">
 <pre>
 {
   "jti": "123456",
diff --git a/openid-sharedsignals-framework-1_0.md b/openid-sharedsignals-framework-1_0.md
@@ -1797,16 +1797,14 @@ An Event Transmitter MAY send a Verification Event at any time, even if one was
 not requested by the Event Receiver.
 
 #### Verification Event {#verification-event}
-The Verification Event is a standard SET with the following attributes:
-
-event type
-
-> The Event Type URI is: "https://schemas.openid.net/secevent/ssf/event-type/verification".
+The Verification Event is a SSF Event with the event type: "https://schemas.openid.net/secevent/ssf/event-type/verification". The event contains the following attribute:
 
 state
 
 > OPTIONAL An opaque value provided by the Event Receiver when the event is
-  triggered. This is a nested attribute in the event payload.
+  triggered.
+  
+As with any SSF event, the Verification Event has a top-level `sub_id` claim:
 
 sub_id
 
@@ -1936,6 +1934,8 @@ reason
 
 > OPTIONAL. Provides a short description of why the Transmitter has updated the
   status.
+  
+As with any SSF Event, this event has a top-level `sub_id` claim:
 
 sub_id
 
@@ -1947,8 +1947,7 @@ sub_id
 > Note that the subject that identifies a stream itself is always implicitly
   added to the stream and MAY NOT be removed from the stream.
 
-> Below is a non-normative example of a `stream-updated` event with a specific
-  subject.
+Below is a non-normative example of a `stream-updated` event with a specific subject.
 
 ~~~ json
 {
@@ -2297,3 +2296,4 @@ The OpenID Foundation (OIDF) grants to any Contributor, developer, implementer,
 
 The technology described in this specification was made available from contributions from various sources, including members of the OpenID Foundation and others. Although the OpenID Foundation has taken steps to help ensure that the technology is available for distribution, it takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this specification or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any independent effort to identify any such rights. The OpenID Foundation and the contributors to this specification make no (and hereby expressly disclaim any) warranties (express, implied, or otherwise), including implied warranties of merchantability, non-infringement, fitness for a particular purpose, or title, related to this specification, and the entire risk as to implementing this specification is assumed by the implementer. The OpenID Intellectual Property Rights policy requires contributors to offer a patent promise not to assert certain patent claims against other contributors and against implementers. The OpenID Foundation invites any interested party to bring to its attention any copyrights, patents, patent applications, or other proprietary rights that may cover technology that may be required to practice this specification.
 
+
diff --git a/openid-sharedsignals-framework-1_0.txt b/openid-sharedsignals-framework-1_0.txt
@@ -94,7 +94,7 @@ Table of Contents
        7.1.2.  Stream Status . . . . . . . . . . . . . . . . . . . .  33
        7.1.3.  Subjects  . . . . . . . . . . . . . . . . . . . . . .  39
        7.1.4.  Verification  . . . . . . . . . . . . . . . . . . . .  43
-       7.1.5.  Stream Updated Event  . . . . . . . . . . . . . . . .  47
+       7.1.5.  Stream Updated Event  . . . . . . . . . . . . . . . .  46
    8.  Authorization . . . . . . . . . . . . . . . . . . . . . . . .  49
    9.  Security Considerations . . . . . . . . . . . . . . . . . . .  49
      9.1.  Subject Probing . . . . . . . . . . . . . . . . . . . . .  49
@@ -2396,11 +2396,11 @@ Tulshibagwale, et al.        Standards Track                   [Page 42]
 
 7.1.4.1.  Verification Event
 
-   The Verification Event is a standard SET with the following
-   attributes:
-
-   event type
+   The Verification Event is a SSF Event with the event type:
+   "https://schemas.openid.net/secevent/ssf/event-type/verification".
+   The event contains the following attribute:
 
+   state
 
 
 
@@ -2410,14 +2410,11 @@ Tulshibagwale, et al.        Standards Track                   [Page 43]
                               SharedSignals                    June 2023
 
 
-      The Event Type URI is: "https://schemas.openid.net/secevent/ssf/
-      event-type/verification".
-
-   state
-
       OPTIONAL An opaque value provided by the Event Receiver when the
-      event is triggered.  This is a nested attribute in the event
-      payload.
+      event is triggered.
+
+   As with any SSF event, the Verification Event has a top-level sub_id
+   claim:
 
    sub_id
 
@@ -2458,6 +2455,9 @@ Tulshibagwale, et al.        Standards Track                   [Page 43]
 
    state
 
+      OPTIONAL.  An arbitrary string that the Event Transmitter MUST
+      echo back to the Event Receiver in the verification event's
+      payload.  Event Receivers MAY use the value of this parameter to
 
 
 
@@ -2466,9 +2466,6 @@ Tulshibagwale, et al.        Standards Track                   [Page 44]
                               SharedSignals                    June 2023
 
 
-      OPTIONAL.  An arbitrary string that the Event Transmitter MUST
-      echo back to the Event Receiver in the verification event's
-      payload.  Event Receivers MAY use the value of this parameter to
       correlate a verification event with a verification request.  If
       the verification event is initiated by the transmitter then this
       parameter MUST not be set.
@@ -2506,22 +2503,6 @@ Tulshibagwale, et al.        Standards Track                   [Page 44]
    The following is a non-normative example request to trigger a
    verification event:
 
-
-
-
-
-
-
-
-
-
-
-
-Tulshibagwale, et al.        Standards Track                   [Page 45]
-
-                              SharedSignals                    June 2023
-
-
    POST /ssf/verify HTTP/1.1
    Host: transmitter.example.com
    Authorization: Bearer eyJ0b2tlbiI6ImV4YW1wbGUifQo=
@@ -2534,6 +2515,13 @@ Tulshibagwale, et al.        Standards Track                   [Page 45]
 
               Figure 38: Example: Trigger Verification Request
 
+
+
+Tulshibagwale, et al.        Standards Track                   [Page 45]
+
+                              SharedSignals                    June 2023
+
+
    The following is a non-normative example response to a successful
    request:
 
@@ -2564,20 +2552,6 @@ Tulshibagwale, et al.        Standards Track                   [Page 45]
 
                     Figure 40: Example: Verification SET
 
-
-
-
-
-
-
-
-
-
-Tulshibagwale, et al.        Standards Track                   [Page 46]
-
-                              SharedSignals                    June 2023
-
-
 7.1.5.  Stream Updated Event
 
    A Transmitter MAY change the stream status in reference to one or
@@ -2596,6 +2570,14 @@ Tulshibagwale, et al.        Standards Track                   [Page 46]
    this event to any Receiver that has previously been enabled to
    receive events for the specified Subject.
 
+
+
+
+Tulshibagwale, et al.        Standards Track                   [Page 46]
+
+                              SharedSignals                    June 2023
+
+
    The "stream-updated" event MAY contain the following claims:
 
    status
@@ -2608,6 +2590,8 @@ Tulshibagwale, et al.        Standards Track                   [Page 46]
       OPTIONAL.  Provides a short description of why the Transmitter has
       updated the status.
 
+   As with any SSF Event, this event has a top-level sub_id claim:
+
    sub_id
 
       REQUIRED.  The top-level sub_id claim specifies the Subject
@@ -2620,8 +2604,24 @@ Tulshibagwale, et al.        Standards Track                   [Page 46]
       implicitly added to the stream and MAY NOT be removed from the
       stream.
 
-      Below is a non-normative example of a stream-updated event with a
-      specific subject.
+   Below is a non-normative example of a stream-updated event with a
+   specific subject.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
 
 
 
