
Commit 927afaa

committed
synced to updated main branch
2 parents d703324 + 96bdc9e commit 927afaa

7 files changed

+306
-253
lines changed

.github/workflows/build-everything.yml

Lines changed: 8 additions & 0 deletions
@@ -34,6 +34,12 @@ jobs:
3434
run: xml2rfc openid-risc-profile-specification-1_0.xml --html -o openid-risc-profile-specification-1_0.html
3535
- name: Render risc text
3636
run: xml2rfc openid-risc-profile-specification-1_0.xml --text -o openid-risc-profile-specification-1_0.txt
37+
- name: Convert caep md to xml
38+
run: kramdown-rfc2629 openid-caep-specification-1_0.md > openid-caep-specification-1_0.xml
39+
- name: Render caep html
40+
run: xml2rfc openid-caep-specification-1_0.xml --html -o openid-caep-specification-1_0.html
41+
- name: Render caep text
42+
run: xml2rfc openid-caep-specification-1_0.xml --text -o openid-caep-specification-1_0.txt
3743
- name: Upload artifact
3844
uses: actions/upload-artifact@v2
3945
with:
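Review bot: the new "Convert caep md to xml" step calls `kramdown-rfc2629`, but nothing in this hunk installs it; confirm an earlier step of this job runs `gem install kramdown-rfc` (the dependency this commit adds to the README), otherwise the step fails before either of the new xml2rfc steps runs. The three caep steps otherwise mirror the existing risc steps exactly, which is good.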
@@ -43,6 +49,8 @@ jobs:
4349
openid-sharedsignals-framework-1_0.txt
4450
openid-risc-profile-specification-1_0.html
4551
openid-risc-profile-specification-1_0.txt
52+
openid-caep-specification-1_0.html
53+
openid-caep-specification-1_0.txt
4654
publish-to-pages:
4755
if: github.ref == 'refs/heads/main'
4856
needs: [build-sharedsignals]

README.md

Lines changed: 14 additions & 1 deletion
@@ -6,6 +6,17 @@ The goal of the [Shared Signals](http://openid.net/wg/sharedsignals/) Working Gr
66
* Prevent malicious actors from leveraging compromises of accounts, devices, services, endpoints, or other principals or resources to gain unauthorized access to additional systems or resources.
77
* Enable users, administrators, and service providers to coordinate in order to detect and respond to incidents.
88

9+
## Current Development Drafts
10+
The current drafts of the specifications under development are kept here:
11+
12+
| Specification | HTML | TXT |
13+
|--------------------------|---------|--------|
14+
| Shared Signals Framework | [HTML](https://openid.github.io/sharedsignals/openid-sharedsignals-framework-1_0.html)| [TXT](https://openid.github.io/sharedsignals/openid-sharedsignals-framework-1_0.txt)|
15+
| CAEP | [HTML](https://openid.github.io/sharedsignals/openid-caep-specification-1_0.html)| [TXT](https://openid.github.io/sharedsignals/openid-caep-specification-1_0.txt)|
16+
| RISC | [HTML](https://openid.github.io/sharedsignals/openid-risc-profile-specification-1_0.html)| [TXT](https://openid.github.io/sharedsignals/openid-risc-profile-specification-1_0.txt)|
17+
18+
19+
920
## Development
1021

1122
To change the spec, update one of the xml files and then run `make` as follows:
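Review bot: the unchanged context line right after this hunk ("To change the spec, update one of the xml files") is now stale, because this same commit builds the CAEP spec from a `.md` source via kramdown-rfc; the Development paragraph should say which specs are edited as `.md` and which as `.xml`. Style: the three consecutive blank lines added after the table can be collapsed to one before `## Development`.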
@@ -16,4 +27,6 @@ Similarly, to update the text file, you would run `make foo.txt`
1627

1728
Pay attention to errors generating the files and warnings about the document date. You should update the date to today's date.
1829

19-
In order to run `make` you need to install `xml2rfc` which can be done via pip: `pip install xml2rfc`
30+
In order to run `make` you need to:
31+
1. install `xml2rfc` which can be done via pip: `pip install xml2rfc`
32+
1. install `kramdown-rfc` which can be done via Ruby gems: `gem install kramdown-rfc`
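Review bot: both list items are numbered `1.`; Markdown renders them as 1 and 2, but explicit numbering (or the `*` bullets the README already uses above) keeps the raw text unambiguous. The second item should also say what `kramdown-rfc` is for, namely converting the `.md` spec sources to xml, so a reader editing only an xml spec (the risc spec is still rendered straight from xml in the workflow) knows it is not needed for that path.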

openid-caep-specification-1_0.md

Lines changed: 1 addition & 0 deletions
@@ -689,6 +689,7 @@ NOTE: The event type URI is wrapped, the backslash is the continuation character
689689
{: #device-compliance-change-examples-out-of-compliance title="Example: Device No Longer Compliant - Complex Subject + optional claims"}
690690

691691
--- back
692+
692693
# Acknowledgements
693694

694695
The authors wish to thank all members of the OpenID Foundation Shared Signals

openid-risc-profile-specification-1_0.xml

Lines changed: 5 additions & 5 deletions
@@ -116,7 +116,7 @@
116116
"subject": {
117117
"format": "iss_sub",
118118
"iss": "https://idp.example.com/",
119-
"sub": "7375626A656374",
119+
"sub": "7375626A656374"
120120
}
121121
}
122122
}
@@ -165,7 +165,7 @@
165165
"iss": "https://idp.example.com/",
166166
"sub": "7375626A656374",
167167
},
168-
"reason": "hijacking",
168+
"reason": "hijacking"
169169
}
170170
}
171171
}
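Review bot: this hunk drops the trailing comma after `"reason": "hijacking"`, but the unchanged context line `"sub": "7375626A656374",` immediately before `},` still leaves a trailing comma inside the `subject` object, so the example remains invalid JSON; remove that comma as well (the first hunk in this file already fixed the same `"sub"` line in the other example).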
@@ -217,9 +217,9 @@
217217
identifier-changed": {
218218
"subject": {
219219
"format": "email",
220-
"email": "john.doe@example.com",
220+
"email": "john.doe@example.com"
221221
},
222-
"new-value": "john.roe@example.com",
222+
"new-value": "john.roe@example.com"
223223
}
224224
}
225225
}
@@ -251,7 +251,7 @@
251251
identifier-recycled": {
252252
"subject": {
253253
"format": "email",
254-
"email": "foo@example.com",
254+
"email": "foo@example.com"
255255
}
256256
}
257257
}

openid-sharedsignals-framework-1_0.html

Lines changed: 19 additions & 3 deletions
@@ -2874,7 +2874,8 @@ <h5 id="name-updating-a-streams-configur">
28742874
request MUST NOT be changed by the Transmitter.<a href="#section-7.1.1.3-2" class="pilcrow"></a></p>
28752875
<p id="section-7.1.1.3-3">Transmitter-Supplied properties beside the stream_id MAY be present,
28762876
but they MUST match the expected value. Missing Transmitter-Supplied
2877-
properties will be ignored by the Transmitter.<a href="#section-7.1.1.3-3" class="pilcrow"></a></p>
2877+
properties MUST be ignored by the Transmitter. The <code>events_delivered</code> property,
2878+
if present, MUST match the Transmitter's expected value before any updates are applied.<a href="#section-7.1.1.3-3" class="pilcrow"></a></p>
28782879
<p id="section-7.1.1.3-4">The following is a non-normative example request to replace an Event Stream's
28792880
configuration:<a href="#section-7.1.1.3-4" class="pilcrow"></a></p>
28802881
<span id="name-example-update-stream-confi"></span><div id="figupdateconfigreq">
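Review bot: the new `events_delivered` sentence in 7.1.1.3 writes "before" plainly while the parallel sentence added to 7.1.1.4 in this commit wraps it in `<em>`; make the two sections consistent. The unchanged context also reads "beside the stream_id" here and "besides the stream_id" in 7.1.1.4. Since this html is rendered from the markdown source, both fixes belong in the `.md` file, with the html regenerated rather than hand-edited.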
@@ -2997,7 +2998,8 @@ <h5 id="name-replacing-a-streams-configu">
29972998
<span>[<a href="#RFC7159" class="cite xref">RFC7159</a>]</span> representation, then make a replacement request.<a href="#section-7.1.1.4-2" class="pilcrow"></a></p>
29982999
<p id="section-7.1.1.4-3">Transmitter-Supplied properties besides the stream_id MAY be present,
29993000
but they MUST match the expected value. Missing Transmitter-Supplied
3000-
properties will be ignored by the Transmitter.<a href="#section-7.1.1.4-3" class="pilcrow"></a></p>
3001+
properties MUST be ignored by the Transmitter. The <code>events_delivered</code> property,
3002+
if present, MUST match the Transmitter's expected value <em>before</em> any updates are applied.<a href="#section-7.1.1.4-3" class="pilcrow"></a></p>
30013003
<p id="section-7.1.1.4-4">The following is a non-normative example request to replace an Event Stream's
30023004
configuration:<a href="#section-7.1.1.4-4" class="pilcrow"></a></p>
30033005
<span id="name-example-replace-stream-conf"></span><div id="figreplaceconfigreq">
@@ -3023,7 +3025,7 @@ <h5 id="name-replacing-a-streams-configu">
30233025
"urn:example:secevent:events:type_2",
30243026
"urn:example:secevent:events:type_3",
30253027
"urn:example:secevent:events:type_4"
3026-
],
3028+
]
30273029
}
30283030
</pre>
30293031
</div>
@@ -3542,6 +3544,20 @@ <h4 id="name-subjects">
35423544
<p id="section-7.1.3-1">An Event Receiver can indicate to an Event Transmitter whether or not the
35433545
receiver wants to receive events about a particular subject by "adding" or
35443546
"removing" that subject to the Event Stream, respectively.<a href="#section-7.1.3-1" class="pilcrow"></a></p>
3547+
<p id="section-7.1.3-2">If a Receiver adds a subject to a stream, the Transmitter SHOULD send any events
3548+
relating to the subject, which have event_types that the Receiver has subscribed to,
3549+
and both the stream and the subject are enabled. In the case of Simple Subjects,
3550+
two subjects match if they are exactly identical. For Complex Subjects, two subjects
3551+
match if, for all fields in the Complex Subject (i.e. <code>user</code>, <code>group</code>, <code>device</code>, etc.),
3552+
at least one of the following statements is true:<a href="#section-7.1.3-2" class="pilcrow"></a></p>
3553+
<ol start="1" type="1" class="normal type-1" id="section-7.1.3-3">
3554+
<li id="section-7.1.3-3.1">Subject 1's field is not defined<a href="#section-7.1.3-3.1" class="pilcrow"></a>
3555+
</li>
3556+
<li id="section-7.1.3-3.2">Subject 2's field is not defined<a href="#section-7.1.3-3.2" class="pilcrow"></a>
3557+
</li>
3558+
<li id="section-7.1.3-3.3">Subject 1's field is identical to Subject 2's field<a href="#section-7.1.3-3.3" class="pilcrow"></a>
3559+
</li>
3560+
</ol>
35453561
<div id="adding-a-subject-to-a-stream">
35463562
<section id="section-7.1.3.1">
35473563
<h5 id="name-adding-a-subject-to-a-strea">
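Review bot: the Complex Subject matching rule as written means a subject with no fields defined (or only one field defined) matches every subject in the stream, because an undefined field satisfies condition 1 or 2 for each field; if that wildcard behaviour is intended, state it explicitly, and if not, require at least one field to be defined on both sides and compared. The text also does not say whether "identical" for a field means the Simple Subject byte-for-byte rule or something looser; this matters because the Transmitter uses the match to decide which events a Receiver is entitled to receive.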

openid-sharedsignals-framework-1_0.md

Lines changed: 18 additions & 3 deletions
@@ -1207,7 +1207,8 @@ request MUST NOT be changed by the Transmitter.
12071207

12081208
Transmitter-Supplied properties beside the stream_id MAY be present,
12091209
but they MUST match the expected value. Missing Transmitter-Supplied
1210-
properties will be ignored by the Transmitter.
1210+
properties MUST be ignored by the Transmitter. The `events_delivered` property,
1211+
if present, MUST match the Transmitter's expected value before any updates are applied.
12111212

12121213
The following is a non-normative example request to replace an Event Stream’s
12131214
configuration:
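Review bot: the added requirement that `events_delivered`, if present, MUST match the Transmitter's expected value before updates are applied does not say what the Transmitter does on a mismatch (which HTTP error is returned, and whether the entire update is rejected rather than partially applied); an implementer needs that to build the check, and a Receiver needs it to know when to re-read the configuration and retry.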
@@ -1292,7 +1293,8 @@ deleted. Event Receivers MAY read the configuration first, modify the JSON
12921293

12931294
Transmitter-Supplied properties besides the stream_id MAY be present,
12941295
but they MUST match the expected value. Missing Transmitter-Supplied
1295-
properties will be ignored by the Transmitter.
1296+
properties MUST be ignored by the Transmitter. The `events_delivered` property,
1297+
if present, MUST match the Transmitter's expected value _before_ any updates are applied.
12961298

12971299
The following is a non-normative example request to replace an Event Stream’s
12981300
configuration:
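Review bot: the preceding context says Receivers MAY read the configuration first, modify the JSON, then make a replacement request; a one-line explanation that the `events_delivered` check exists so a replacement based on a stale read is not applied would make the purpose of the new MUST clear, and would tie it to the error handling the Transmitter is expected to perform on mismatch.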
@@ -1317,7 +1319,7 @@ Authorization: Bearer eyJ0b2tlbiI6ImV4YW1wbGUifQo=
13171319
"urn:example:secevent:events:type_2",
13181320
"urn:example:secevent:events:type_3",
13191321
"urn:example:secevent:events:type_4"
1320-
],
1322+
]
13211323
}
13221324
~~~
13231325
{: title="Example: Replace Stream Configuration Request" #figreplaceconfigreq}
@@ -1648,6 +1650,19 @@ An Event Receiver can indicate to an Event Transmitter whether or not the
16481650
receiver wants to receive events about a particular subject by “adding” or
16491651
“removing” that subject to the Event Stream, respectively.
16501652

1653+
If a Receiver adds a subject to a stream, the Transmitter SHOULD send any events
1654+
relating to the subject, which have event_types that the Receiver has subscribed to,
1655+
and both the stream and the subject are enabled. In the case of Simple Subjects,
1656+
two subjects match if they are exactly identical. For Complex Subjects, two subjects
1657+
match if, for all fields in the Complex Subject (i.e. `user`, `group`, `device`, etc.),
1658+
at least one of the following statements is true:
1659+
1660+
1. Subject 1's field is not defined
1661+
1662+
2. Subject 2's field is not defined
1663+
1664+
3. Subject 1's field is identical to Subject 2's field
1665+
16511666
#### Adding a Subject to a Stream {#adding-a-subject-to-a-stream}
16521667
To add a subject to an Event Stream, the Event Receiver makes an HTTP POST
16531668
request to the Add Subject Endpoint, containing in the body a JSON object the
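Review bot: wording in the new paragraph: "i.e. `user`, `group`, `device`, etc." lists examples, so it should be "e.g."; the clause "which have event_types that the Receiver has subscribed to, and both the stream and the subject are enabled" does not parse as one sentence (suggest "events relating to the subject whose event types the Receiver has subscribed to, provided both the stream and the subject are enabled"); and `event_types` should be in code font like the field names around it.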
