Security Event Token (SET
) defines the Security Event token, which may be distributed via a protocol such as HTTP
Security Event Token specification profiles the JSON Web Token (JWT) and may be optionally signed and/or encrypted.
Security Event Token describes a statement of fact that may be shared by an event publisher with event subscribers.
The following definitions are used with Security Event Tokens:
The Feed Publisher creates SETs to be distributed to registered subscribers. In JWT
terminology, the Feed Publisher is also known as the issuer ("iss
A Feed is a logical grouping of Security Event Tokens or a context
under which Security Event Tokens may be issued. A Subscriber registers with the Feed Publisher to subscribe to Security Event Tokens associated with a Feed. How a Feed is defined or the method for subscription is out-of-scope of this specification.
A Subscriber registers to receive Security Event Tokens from a Feed Publisher using a protocol such as HTTP
. The method of registration and delivery is out-of-scope of this specification.
A Security Subject is the entity to which a Security Event Token refers. A Security Subject may be a principle (e.g., Section 4.1.2 RFC 7519
), a web resource, or other thing such as an IP address that a Security Event Token might reference.
There might be more information for this subject on one of the following: