Add 'format' to stream config and normative examples in CAEP (each with different meanings)

FragLegs · FragLegs · commit fbad11881121 · 2023-07-25T14:54:50.000-04:00
diff --git a/openid-caep-specification-1_0.html b/openid-caep-specification-1_0.html
diff --git a/openid-caep-specification-1_0.md b/openid-caep-specification-1_0.md
@@ -38,7 +38,7 @@ normative:
   NIST-AUTH:
     target: https://pages.nist.gov/800-63-3/sp800-63-3.html
     title: "Digital Identity Guidelines, Authentication and Lifecycle Management"
-    author: 
+    author:
       -
         ins: P. Grassi
         name: Paul Grassi
@@ -52,7 +52,7 @@ normative:
   NIST-FED:
     target: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63c.pdf
     title: "Digital Identity Guidelines, Federation and Assertions"
-    author: 
+    author:
       -
         ins: P. A. Grassi
         name: Paul A. Grassi
@@ -68,7 +68,7 @@ normative:
       -
         ins: E. M. Nadeau
         name: Ellen M. Nadeau
-  NIST-IDPROOF: 
+  NIST-IDPROOF:
     target: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63a.pdf
     title: "Digital Identity Guidelines, Enrollment and Identity Proofing"
     author:
@@ -110,10 +110,10 @@ normative:
         name: John Bradley
         org: Yubico
     date: 2021-05
-  WebAuthn: 
+  WebAuthn:
     target: https://www.w3.org/TR/webauthn/
     title: "Web Authentication: An API for accessing Public Key Credentials Level 2"
-    author: 
+    author:
       -
         ins: D. Balfanz
         name: Dirk Balfanz
@@ -139,9 +139,9 @@ conform to the SSF Profile. This document specifies the event-types required to
 achieve this goal.
 
 ## Notational Considerations
-The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", 
-"SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this 
-document are to be interpreted as described in BCP 14 {{RFC2119}} {{RFC8174}} 
+The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD",
+"SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this
+document are to be interpreted as described in BCP 14 {{RFC2119}} {{RFC8174}}
 when, and only when, they appear in all capitals, as shown here.
 
 # Optional Event Claims {#optional-event-claims}
@@ -150,7 +150,7 @@ definition.
 
 event_timestamp
 : OPTIONAL, JSON number: the time at which the event described by this SET
-  occurred. Its value is a JSON number representing the number of seconds 
+  occurred. Its value is a JSON number representing the number of seconds
   from 1970-01-01T0:0:0Z as measured in UTC until the date/time.
 
 initiating_entity
@@ -210,15 +210,15 @@ Event Type URI:
 
 `https://schemas.openid.net/secevent/caep/event-type/session-revoked`
 
-Session Revoked signals that the session identified by the subject has been 
-revoked. The explicit session identifier may be directly referenced in the 
+Session Revoked signals that the session identified by the subject has been
+revoked. The explicit session identifier may be directly referenced in the
 subject or other properties of the session may be included to allow the
 receiver to identify applicable sessions.
 
-When a Complex Claim is used as the subject, the revocation event applies 
+When a Complex Claim is used as the subject, the revocation event applies
 to any session derived from matching those combined claims.
 
-The actual reason why the session was revoked might be specified with the 
+The actual reason why the session was revoked might be specified with the
 nested `reason_admin` and/or `reason_user` claims described in {{optional-event-claims}}.
 
 ### Event-Specific Claims {#session-revoked-claims}
@@ -260,6 +260,7 @@ NOTE: The event type URI is wrapped, the backslash is the continuation character
     "events": {
         "https://schemas.openid.net/secevent/caep/event-type/session-revoked": {
             "subject": {
+                "format": "complex",
                 "session": {
                   "format": "opaque",
                   "id": "dMTlD|1600802906337.16|16008.16"
@@ -298,6 +299,7 @@ NOTE: The event type URI is wrapped, the backslash is the continuation character
     "events": {
         "https://schemas.openid.net/secevent/caep/event-type/session-revoked": {
             "subject": {
+                "format": "complex",
                 "user": {
                     "format": "iss_sub",
                     "iss": "https://idp.example.com/123456789/",
@@ -333,10 +335,10 @@ Event Type URI:
 
 `https://schemas.openid.net/secevent/caep/event-type/token-claims-change`
 
-Token Claims Change signals that a claim in a token, identified by the 
-subject claim, has changed. 
+Token Claims Change signals that a claim in a token, identified by the
+subject claim, has changed.
 
-The actual reason why the claims change occurred might be specified with the 
+The actual reason why the claims change occurred might be specified with the
 nested `reason_admin` and/or `reason_user` claims made in {{optional-event-claims}}.
 
 ### Event-Specific Claims {#token-claims-change-claims}
@@ -435,14 +437,14 @@ Event Type URI:
 
 `https://schemas.openid.net/secevent/caep/event-type/credential-change`
 
-The Credential Change event signals that a credential was created, changed, 
+The Credential Change event signals that a credential was created, changed,
 revoked or deleted. Credential Change scenarios include:
 
   - password/PIN change/reset
   - certificate enrollment, renewal, revocation and deletion
   - second factor / passwordless credential enrollment or deletion (U2F, FIDO2, OTP, app-based)
 
-The actual reason why the credential change occurred might be specified with the 
+The actual reason why the credential change occurred might be specified with the
 nested `reason_admin` and/or `reason_user` claims made in {{optional-event-claims}}.
 
 ### Event-Specific Claims {#credential-change-claims}
@@ -522,19 +524,19 @@ Event Type URI:
 
 `https://schemas.openid.net/secevent/caep/event-type/assurance-level-change`
 
-The Assurance Level Change event signals that there has been a change in 
-authentication method since the initial user login. This change can be from 
-a weak authentication method to a strong authentication method, or vice versa. 
+The Assurance Level Change event signals that there has been a change in
+authentication method since the initial user login. This change can be from
+a weak authentication method to a strong authentication method, or vice versa.
 
-In the first scenario, Assurance Level Change will an increase, while in the 
-second scenario it will be a decrease. For example, a user can start a session 
-with Service Provider A using single factor authentication (such as a password). 
-The user can then open another session with Service Provider B using 
-two-factor authentication (such as OTP). In this scenario an increase 
-Assurance Level Change event will signal to Service Provider A that user has 
+In the first scenario, Assurance Level Change will an increase, while in the
+second scenario it will be a decrease. For example, a user can start a session
+with Service Provider A using single factor authentication (such as a password).
+The user can then open another session with Service Provider B using
+two-factor authentication (such as OTP). In this scenario an increase
+Assurance Level Change event will signal to Service Provider A that user has
 authenticated with a stronger authentication method.
 
-The actual reason why the assurance level changed might be specified with the 
+The actual reason why the assurance level changed might be specified with the
 nested `reason_admin` and/or `reason_user` claims made in {{optional-event-claims}}.
 
 ### Event-Specific Claims {#assurance-level-change-claims}
@@ -627,7 +629,7 @@ Event Type URI:
 
 Device Compliance Change signals that a device's compliance status has changed.
 
-The actual reason why the status change occurred might be specified with the 
+The actual reason why the status change occurred might be specified with the
 nested `reason_admin` and/or `reason_user` claims made in {{optional-event-claims}}.
 
 ### Event-Specific Claims {#device-compliance-change-claims}
@@ -662,6 +664,7 @@ NOTE: The event type URI is wrapped, the backslash is the continuation character
     "events": {
         "https://schemas.openid.net/secevent/caep/event-type/device-compliance-change": {
             "subject": {
+                "format": "complex",
                 "device": {
                     "format": "iss_sub",
                     "iss": "https://idp.example.com/123456789/",
diff --git a/openid-caep-specification-1_0.txt b/openid-caep-specification-1_0.txt
@@ -234,6 +234,7 @@ Cappalli & Tulshibagwale     Standards Track                    [Page 4]
        "events": {
            "https://schemas.openid.net/secevent/caep/event-type/session-revoked": {
                "subject": {
+                   "format": "complex",
                    "session": {
                      "format": "opaque",
                      "id": "dMTlD|1600802906337.16|16008.16"
@@ -276,7 +277,6 @@ Cappalli & Tulshibagwale     Standards Track                    [Page 4]
 
 
 
-
 Cappalli & Tulshibagwale     Standards Track                    [Page 5]
 
                                 CAEP-Spec                  February 2023
@@ -290,6 +290,7 @@ Cappalli & Tulshibagwale     Standards Track                    [Page 5]
        "events": {
            "https://schemas.openid.net/secevent/caep/event-type/session-revoked": {
                "subject": {
+                   "format": "complex",
                    "user": {
                        "format": "iss_sub",
                        "iss": "https://idp.example.com/123456789/",
@@ -328,8 +329,7 @@ Cappalli & Tulshibagwale     Standards Track                    [Page 5]
    https://schemas.openid.net/secevent/caep/event-type/token-claims-
    change
 
-   Token Claims Change signals that a claim in a token, identified by
-   the subject claim, has changed.
+
 
 
 
@@ -338,6 +338,9 @@ Cappalli & Tulshibagwale     Standards Track                    [Page 6]
                                 CAEP-Spec                  February 2023
 
 
+   Token Claims Change signals that a claim in a token, identified by
+   the subject claim, has changed.
+
    The actual reason why the claims change occurred might be specified
    with the nested reason_admin and/or reason_user claims made in
    Section 2.
@@ -386,9 +389,6 @@ Cappalli & Tulshibagwale     Standards Track                    [Page 6]
 
 
 
-
-
-
 Cappalli & Tulshibagwale     Standards Track                    [Page 7]
 
                                 CAEP-Spec                  February 2023
@@ -810,6 +810,7 @@ Cappalli & Tulshibagwale     Standards Track                   [Page 14]
        "events": {
            "https://schemas.openid.net/secevent/caep/event-type/device-compliance-change": {
                "subject": {
+                   "format": "complex",
                    "device": {
                        "format": "iss_sub",
                        "iss": "https://idp.example.com/123456789/",
@@ -836,7 +837,6 @@ Cappalli & Tulshibagwale     Standards Track                   [Page 14]
 
 
 
-
 Cappalli & Tulshibagwale     Standards Track                   [Page 15]
 
                                 CAEP-Spec                  February 2023
diff --git a/openid-sharedsignals-framework-1_0.html b/openid-sharedsignals-framework-1_0.html
@@ -2434,7 +2434,8 @@ <h5 id="name-creating-a-stream">
     "urn:example:secevent:events:type_2",
     "urn:example:secevent:events:type_3",
     "urn:example:secevent:events:type_4"
-  ]
+  ],
+  "format": "email"
 }
 </pre>
 </div>
@@ -2474,7 +2475,8 @@ <h5 id="name-creating-a-stream">
   "events_delivered": [
     "urn:example:secevent:events:type_2",
     "urn:example:secevent:events:type_3"
-  ]
+  ],
+  "format": "email"
 }
 </pre>
 </div>
@@ -2575,7 +2577,8 @@ <h5 id="name-reading-a-streams-configura">
   "events_delivered": [
     "urn:example:secevent:events:type_2",
     "urn:example:secevent:events:type_3"
-  ]
+  ],
+  "format": "complex"
 }
 </pre>
 </div>
@@ -2632,7 +2635,8 @@ <h5 id="name-reading-a-streams-configura">
     "events_delivered": [
       "urn:example:secevent:events:type_2",
       "urn:example:secevent:events:type_3"
-    ]
+    ],
+    "format": "iss_sub"
   },
   {
     "stream_id": "50b2d39934264897902c0581ba7c21a3",
@@ -2658,7 +2662,8 @@ <h5 id="name-reading-a-streams-configura">
     "events_delivered": [
       "urn:example:secevent:events:type_2",
       "urn:example:secevent:events:type_3"
-    ]
+    ],
+    "format": "opaque"
   }
 ]
 </pre>
@@ -2927,7 +2932,8 @@ <h5 id="name-replacing-a-streams-configu">
     "urn:example:secevent:events:type_2",
     "urn:example:secevent:events:type_3",
     "urn:example:secevent:events:type_4"
-  ]
+  ],
+  "format": "did"
 }
 </pre>
 </div>
@@ -2968,7 +2974,8 @@ <h5 id="name-replacing-a-streams-configu">
   "events_delivered": [
     "urn:example:secevent:events:type_2",
     "urn:example:secevent:events:type_3"
-  ]
+  ],
+  "format": "did"
 }
 </pre>
 </div>
diff --git a/openid-sharedsignals-framework-1_0.md b/openid-sharedsignals-framework-1_0.md
@@ -887,7 +887,8 @@ Authorization: Bearer eyJ0b2tlbiI6ImV4YW1wbGUifQo=
     "urn:example:secevent:events:type_2",
     "urn:example:secevent:events:type_3",
     "urn:example:secevent:events:type_4"
-  ]
+  ],
+  "format": "email"
 }
 ~~~
 {: #figcreatestreamreq title="Example: Create Event Stream Request"}
@@ -922,7 +923,8 @@ Content-Type: application/json
   "events_delivered": [
     "urn:example:secevent:events:type_2",
     "urn:example:secevent:events:type_3"
-  ]
+  ],
+  "format": "email"
 }
 ~~~
 {: #figcreatestreamresp title="Example: Create Stream Response"}
@@ -991,7 +993,8 @@ Cache-Control: no-store
   "events_delivered": [
     "urn:example:secevent:events:type_2",
     "urn:example:secevent:events:type_3"
-  ]
+  ],
+  "format": "complex"
 }
 ~~~
 {: title="Example: Read Stream Configuration Response" #figreadconfigresp}
@@ -1038,7 +1041,8 @@ Cache-Control: no-store
     "events_delivered": [
       "urn:example:secevent:events:type_2",
       "urn:example:secevent:events:type_3"
-    ]
+    ],
+    "format": "iss_sub"
   },
   {
     "stream_id": "50b2d39934264897902c0581ba7c21a3",
@@ -1064,7 +1068,8 @@ Cache-Control: no-store
     "events_delivered": [
       "urn:example:secevent:events:type_2",
       "urn:example:secevent:events:type_3"
-    ]
+    ],
+    "format": "opaque"
   }
 ]
 ~~~
@@ -1258,7 +1263,8 @@ Authorization: Bearer eyJ0b2tlbiI6ImV4YW1wbGUifQo=
     "urn:example:secevent:events:type_2",
     "urn:example:secevent:events:type_3",
     "urn:example:secevent:events:type_4"
-  ]
+  ],
+  "format": "did"
 }
 ~~~
 {: title="Example: Replace Stream Configuration Request" #figreplaceconfigreq}
@@ -1294,7 +1300,8 @@ Cache-Control: no-store
   "events_delivered": [
     "urn:example:secevent:events:type_2",
     "urn:example:secevent:events:type_3"
-  ]
+  ],
+  "format": "did"
 }
 ~~~
 {: title="Example: Replace Stream Configuration Response" #figreplaceconfigresp}
diff --git a/openid-sharedsignals-framework-1_0.txt b/openid-sharedsignals-framework-1_0.txt
