-
Notifications
You must be signed in to change notification settings - Fork 19
Description
I wanted to capture some conflicting examples in the SSF spec document, if these have already been addressed for the up coming V1-Final effort you can disregard.
- In the example of "conforming events" defined in The SSF Standard, Section 5 The
txnfield defined in the examples are json numeric values
"iat": 1520364019,
"txn": 8675309,
"aud": "636C69656E745F6964",
However the txn claim is defined here in the SET token standard, is defined as an Optional String
"txn" (Transaction Identifier) Claim
An OPTIONAL string value that represents a unique transaction
identifier. In cases in which multiple related JWTs are issued,
the transaction identifier claim can be used to correlate these
related JWTs. Note that this claim can be used in JWTs that are
SETs and also in JWTs using non-SET profiles.
So all of these examples should be updated to quote the txn value.
- The CAEP event defined in the events claims does not match the format as defined in the CAEP Standard
thereason_adminandreason_userare defined as a JSON OBJECT that is a set of BCP47 (RFC5646) language tags, with their localized display string. So to correct the above example, it should be
{
...,
"reason_admin" : {
"en" : "Policy Violation: C076E82F"
},
"reason_user" : {
"en" : "Landspeed violation."
}
}
-
In section [10.1.3] there is an example with a
sub_idwithformat = phone. This is not a valid id according to this spec, it should bephone_numberas defined in
Subject Identifiers -
In section [10.1.3] there is another example, where the CAEP event uses the event URL:
https://schemas.openid.net/secevent/caep/event-type/token-claims-changedwith
an "ed" on the end of change, but in the spec here
you can see it's defined as:https://schemas.openid.net/secevent/caep/event-type/token-claims-changewithout the "ed".