This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note

Page References

Incoming links Outgoing links
Security Event Token
Security Event Token

Version management

Difference between version and

At line 1 added 23 lines
!!! Overview
[{$pagename}] ([SET]) is defined in [RFC 8417] and defines the Security Event token, which may be distributed via a protocol such as [HTTP].
[{$pagename}] specification profiles the [JSON Web Token] ([JWT]) and may be optionally [signed|JSON Web Signature] and/or [encrypted|JSON Web Encryption].
[{$pagename}] describes a statement of fact that may be shared by an event publisher with event subscribers.
The following new [claims] are defined by this specification:
!! events (Security Events)
"events" Claim This claim contains a set of event statements that each provide information describing a single logical event that has occurred about a security subject (e.g., a state change to the subject). Multiple event identifiers with the same value MUST NOT be used. The "events" claim MUST NOT be used to express multiple independent logical events.
The value of the "events" claim is a [JSON Object] whose members are name/value pairs whose names are [URIs] identifying the [event] statements being expressed. Event identifiers SHOULD be stable values (e.g., a permanent URL for an event specification). For each name present, the corresponding value MUST be a JSON object. The JSON object MAY be an empty object ("{}"), or it MAY be a JSON object containing data described by the profiling specification.
!! "txn" (Transaction Identifier) Claim
txn is An [OPTIONAL] string value that represents a unique [transaction] identifier. In cases in which multiple related [JWTs] are issued, the transaction identifier claim can be used to correlate these related [JWTs]. Note that this claim can be used in [JWTs] that are SETs and also in JWTs using non-SET profiles.
!! "toe" (Time of Event) Claim
"toe" is a value that represents the date and time at which the event occurred. This value is a [NumericDate] (see Section 2 of [RFC 7519]). By omitting this claim, the issuer indicates that they are not sharing an event time with the recipient. (Note that in some use cases, the represented time might be approximate; statements about the accuracy of this field MAY be made by profiling specifications.) This claim is [OPTIONAL].!! Structured Syntax Suffix Registration
[IANA] has registered the "+jwt" [Structured Syntax Suffix] [RFC 6838] in the "Structured Syntax Suffix" registry [IANA.StructuredSuffix] in the manner described in [RFC 6838], which can be used to indicate that the media type is encoded as a [JWT].
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthorTop