Security Event Token


The Security Event Token (SET) specification defines the Security Event Token, which may be distributed via a protocol such as HTTP.

The Security Event Token specification profiles the JSON Web Token (JWT); a Security Event Token may optionally be signed and/or encrypted.

A Security Event Token describes a statement of fact that may be shared by an event publisher with event subscribers.


The following definitions are used with Security Event Tokens:

Feed Publisher

The Feed Publisher creates SETs to be distributed to registered subscribers. In JWT terminology, the Feed Publisher is also known as the issuer ("iss").


Feed

A Feed is a logical grouping of Security Event Tokens or a context under which Security Event Tokens may be issued. A Subscriber registers with the Feed Publisher to subscribe to Security Event Tokens associated with a Feed. How a Feed is defined and the method of subscription are outside the scope of this specification.


Subscriber

A Subscriber registers to receive Security Event Tokens from a Feed Publisher using a protocol such as HTTP. The method of registration and delivery is outside the scope of this specification.

Security Subject

A Security Subject is the entity to which a Security Event Token refers. A Security Subject may be a principal (e.g., Section 4.1.2 of RFC 7519), a web resource, or another thing such as an IP address that a Security Event Token might reference.
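
The roles defined above, as an added example that is not part of the original page or of the SET specification: a Feed Publisher builds an HS256-signed SET, and a Subscriber accepts it only if the signature verifies and `iss` names the Feed Publisher it registered with. The key, URLs, subject value and function names are constructed for illustration; the `events` claim and the `secevent+jwt` type come from RFC 8417 rather than from this page, and requiring a signature is this example's policy (the page notes that signing is optional).

```python
import base64, hashlib, hmac, json

# Constructed sample values (not from the page or any real deployment).
DEMO_KEY = b"constructed-demo-key"
PUBLISHER = "https://publisher.example"
SAMPLE_CLAIMS = {"iss": PUBLISHER, "sub": "user-1234",
                 "events": {"https://events.example/account-disabled": {}}}

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_set(claims: dict, key: bytes) -> str:
    """Feed Publisher side: serialize the claims as an HS256-signed compact JWT."""
    header = {"alg": "HS256", "typ": "secevent+jwt"}  # explicit typing per RFC 8417
    parts = [_b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (header, claims)]
    signing_input = ".".join(parts)
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)

def verify_set(token: str, key: bytes, expected_iss: str) -> dict:
    """Subscriber side: return the claims only if signature and issuer check out."""
    try:
        h64, p64, s64 = token.split(".")
        header = json.loads(_unb64url(h64))
        sig = _unb64url(s64)
    except (ValueError, TypeError) as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm: never let the token choose "none" or another alg.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    claims = json.loads(_unb64url(p64))  # parsed only after the signature check
    if not isinstance(claims, dict) or claims.get("iss") != expected_iss:
        raise ValueError("SET not issued by the registered Feed Publisher")
    if not isinstance(claims.get("events"), dict) or not claims["events"]:
        raise ValueError("SET carries no events")
    return claims
```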

