Internet DRAFT - draft-hunt-idevent-token
draft-hunt-idevent-token
Network Working Group P. Hunt, Ed.
Internet-Draft Oracle
Intended status: Standards Track W. Denniss
Expires: October 10, 2016 Google
M. Ansari
Cisco
April 8, 2016
Identity Event Token
draft-hunt-idevent-token-01
Abstract
This specification defines an Identity Event token which may be
distributed via a protocol such as HTTP. An identity event token is
based on the JSON Web Token and may be optionally signed and/or
encrypted. It describes a statement of fact that may be shared by an
event publisher with registered subscribers.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on October 10, 2016.
Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
Hunt, et al. Expires October 10, 2016 [Page 1]
�
Internet-Draft draft-hunt-idevent-token April 2016
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction and Overview . . . . . . . . . . . . . . . . . . 2
1.1. Notational Conventions . . . . . . . . . . . . . . . . . 4
1.2. Definitions . . . . . . . . . . . . . . . . . . . . . . . 4
2. Events . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.1. Core Event Attributes . . . . . . . . . . . . . . . . . . 7
2.2. Event Token Construction . . . . . . . . . . . . . . . . 8
3. Security Considerations . . . . . . . . . . . . . . . . . . . 11
4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11
4.1. Registration of Event URN Sub-namespace . . . . . . . . . 11
4.2. Event Registry . . . . . . . . . . . . . . . . . . . . . 11
5. References . . . . . . . . . . . . . . . . . . . . . . . . . 12
5.1. Normative References . . . . . . . . . . . . . . . . . . 12
5.2. Informative References . . . . . . . . . . . . . . . . . 12
Appendix A. Contributors . . . . . . . . . . . . . . . . . . . . 13
Appendix B. Acknowledgments . . . . . . . . . . . . . . . . . . 13
Appendix C. Change Log . . . . . . . . . . . . . . . . . . . . . 13
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 13
1. Introduction and Overview
This specification defines an extensible event token format which may
be exchanged using protocols such as HTTP. The specification builds
on the JSON Web Token format [RFC7519] in order to provide a self-
contained message "token" that can be optionally signed using JSON
Web Signature [RFC7515] and/or encrypted using JSON Web Encryption
[RFC7516].
For the purpose of this specification an "event" is a statement of
fact by a publisher (also known as an issuer) that the state of a
resource it controls has changed in some way (explicitly or
implicitly). Based on some agreed upon criteria for an event feed,
the publisher distributes the event to the appropriate subscribers.
[[Background: to be removed from final specification]]At the time of
writing of this specifications there are several discussions
regarding the need for identity events. Some of these include:
o Events to allow SCIM resource co-ordination between SCIM domains.
o OAuth Token Revocation (see [RFC7009])
o OpenID Logout or downstream logout notification.
Hunt, et al. Expires October 10, 2016 [Page 2]
�
Internet-Draft draft-hunt-idevent-token April 2016
o Session Cancellation
o OpenID Risk Incident Sharing and Coordination (RISC) Events. See
[RISC]
o The HEART WG [HEART] which intends to define privacy and security
related events in health-related data sharing APIs.
This specification uses example SCIM events which are intended to be
non-normative for the purpose of showing how an event may be used in
practice.
A resource state change event typically includes explicit operation
events such as: a resource has been created, modified, removed, or
updated in some way.
In addition to explicit operations there may be higher-level
statements made that describe an effect resulting from a change. For
example, a publisher may wish to indicate that a user resource has
taken over an email identifier that may have been used in the past.
This cumulative event is a high-level statement that takes into
account that another resource had a personal identifier that
potentially conflicts with a newer resource. Because of the security
impact, the publisher wishes to notify its subscribers of the
identifier re-use. In this way, the event is not describing a
particular state change to a resource, it describes a meta-conclusion
based on its own business and security rules (this scenario is often
called an 'account takeover' event).
A subscriber having received an event, validates and interprets the
event and takes its own independent action, if any. For example,
having been informed of a personal identifier now being associated
with a different resource (i.e. is being used by someone-else), the
subscriber may choose to ensure that the new user is not granted
access to resources associated with the previous user.
Events SHOULD NOT be used to convey commands or requests. To do so
requires complex bidirectional signalling and error recovery
mechanisms which fall outside the scope of this specification. The
intent of this specification is to define a way of exchanging
historical statements of fact that subscribers may interpret for
their own use.
This specification is scoped to security and identity related events.
While event tokens may be used for other purposes, the specification
only considers security and privacy concerns relevant to identity and
personal information.
Hunt, et al. Expires October 10, 2016 [Page 3]
�
Internet-Draft draft-hunt-idevent-token April 2016
This specification may be optionally used with the identity event
subscription management specification which provides the details of
event feeds and how subscribers register for events(see
[idevent-subscription]), defines a protocol registry for event
transmission methods including transmission using HTTP.
1.1. Notational Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. These
keywords are capitalized when used to unambiguously specify
requirements of the protocol or application features and behavior
that affect the interoperability and security of implementations.
When these words are not capitalized, they are meant in their
natural-language sense.
For purposes of readability examples are not URL encoded.
Implementers MUST percent encode URLs as described in Section 2.1 of
[RFC3986].
Throughout this documents all figures MAY contain spaces and extra
line-wrapping for readability and space limitations. Similarly, some
URI's contained within examples, have been shortened for space and
readability reasons.
1.2. Definitions
The following definitions are used with Identity Events:
Feed Publisher
The Feed Provider publishes events to be distributed to registered
subscribers. In JWT terminology, the Feed Publisher is also known
as the issuer "iss").
Event
An event is a resource change statement that is to be distributed
to one or more registered subscribers. An event is constructed as
a JWT token and MAY be signed or encrypted using JWS/JWE for
authentication and confidentiality reasons.
Feed
A feed is a URI that describes the set of resources and events
under which events may be issued. An interested client registers
with the Feed Provider to subscribe to events associated with a
feed. When expressed in a JWT token, a feed is defined as the
event's audience ("aud").
Hunt, et al. Expires October 10, 2016 [Page 4]
�
Internet-Draft draft-hunt-idevent-token April 2016
Subscriber
A Subscriber registers to receive event notifications from a Feed
Provider using a protocol such as HTTP.
2. Events
An identity event conveys a message (in the form of a JWT token
[RFC7519]) about a resource (i.e. a security subject) that may be of
interest to a subscriber or set of subscribers participating in an
event feed (see [idevent-subscription]).
In addition to the JWT attributes "iss" and "aud", an event message
contains the attribute "events" with at least one value. The event
URI values indicate what event information (attributes) and what type
of event (e.g. resource modified) is contained in the event message.
The definition of registered events are found in the event registry
(see Section 4.2), and implementers are free to define their own
event types.
The schema and structure of an event follows the JWT [RFC7519]. An
event JWT has the following characteristics:
o a common set of attributes common to every event, and
o one or more event extensions that each contain a set of attributes
that belonging to an extension.
Hunt, et al. Expires October 10, 2016 [Page 5]
�
Internet-Draft draft-hunt-idevent-token April 2016
The following is a non-normative example showing a password change
event that conveys a SCIM event (see [idevent-scim]):
{
"jti": "3d0c3cf797584bd193bd0fb1bd4e7d30",
"events":[
"urn:ietf:params:event:SCIM:password",
"https://example.com/event/password"
],
"iat": 1458496025,
"iss": "https://scim.example.com",
"aud":[
"https://jhub.example.com/Feeds/98d52461fa5bbc879593b7754",
"https://jhub.example.com/Feeds/5d7604516b1d08641d7676ee7"
],
"sub":
"https://scim.example.com/Users/44f6142df96bd6ab61e7521d9",
"urn:ietf:params:event:SCIM:password":{
"id":"44f6142df96bd6ab61e7521d9",
},
"https://example.com/scim/event/password":{
"resetAttempts":5
}
}
Figure 1: Example SCIM Password Reset Event
The event in the figure above expresses hypothetical password reset
event for SCIM. The JWT consists of an "iss" attribute which denotes
the event publisher. The "aud" attribute specifies the intended
audience for the event. In practical terms this MAY be the the URI
for the event feed that a client has subscribed to.
Additional extensions to an event may be added by adding more values
to the "events" attribute. For each event URI value specified, there
is a corresponding attribute that has its on JSON object that
contains the attributes associated with that event (e.g.
"https://example.com/scim/event/password"). In this example, the
SCIM event indicates that a password has been updated and the current
password reset count is 5. Notice that the value for "resetAttempts"
is actually part of its own JSON object
"https://example.com/scim/event/password".
Hunt, et al. Expires October 10, 2016 [Page 6]
�
Internet-Draft draft-hunt-idevent-token April 2016
Here is another example event message, this one for a Back-Channel
Logout Token:
{
"iss": "https://server.example.com",
"aud": "s6BhdRkqt3",
"jti": "3d0c3cf797584bd193bd0fb1bd4e7d30",
"sub": "248289761001",
"iat": 1458668180,
"exp": 1458668580,
"events": [
"https://specs.openid.net/logout"
],
"https://specs.openid.net/logout": {
"sid": "08a5019c-17e1-4977-8f42-65a12843ea02"
}
}
Figure 2: Example OpenID Logout Event
2.1. Core Event Attributes
The following are attributes that are based on [RFC7519] claim
definitions and are profiled for use in an event message:
jti
As defined by Section 4.1.7 [RFC7519] contains a unique identifier
for an event. The identifier SHOULD be unique within a particular
event feed and MAY be used by clients to track whether a
particular event has already been received. This attribute is
REQUIRED. [[Do we need a way to detect order of or missing
events? Or should this be provided by the subscription spec?]]
iss
A single valued String containing the URI of the service provider
publishing the event (the issuer). For example, in SCIM, this is
the SCIM Service Provider's root endpoint. This attribute is
REQUIRED.
aud
A multi-valued String containing the URIs representing the
audience of the event. Values are typically URLs of the feeds the
event is associated with. When an event has multiple audiences
that go to the same subscriber, the publisher is not obligated to
deliver repeated events to the same subscriber. This attribute is
RECOMMENDED.
iss
Hunt, et al. Expires October 10, 2016 [Page 7]
�
Internet-Draft draft-hunt-idevent-token April 2016
A single valued String containing the URI of the service provider
publishing the event (the issuer). For example, in SCIM
[RFC7644], this is the SCIM Service Provider's root endpoint.
This attribute is REQUIRED.
sub
A value that identifies the subject of the event. This SHOULD be
the URI of the affected resource. Some example resources include:
users, tokens, grants, sessions, and any addressable resource
about which a change in state may be described. This attribute is
REQUIRED.
iat
As defined by Section 4.1.6 [RFC7519], a value containing a
NumericDate which represents when the event was issued. Unless
otherwise specified, the value SHOULD be interpreted by the
subscriber as equivalent to the actual time of the event. This
attribute is REQUIRED. [[DISCUSS: DO WE NEED TO DIFFERENTIATE?]]
nbf
As defined by Section 4.1.5 [RFC7519], a value containing a
NumericDate which represents a future date when the event will
occur. This attribute is OPTIONAL.
The following are new attributes defined by this specification:
events
A multi-valued String that contains the URIs of events contained
within the JWT. Values in this attribute further indicate what
other JSON objects are present within the parent JSON event
structure. Each OPTIONAL JSON sub-object is denoted by an
attribute that matches a value in "events". This attribute is
REQUIRED.
2.2. Event Token Construction
An Event Token is a JWT [RFC7519] that is constructed by building a
JSON structure that constitutes an event object and which is then
used as the body of a JWT.
While this specification uses JWT to convey an event message,
implementers SHALL NOT use these events to convey authentication or
authorization assertions.
Hunt, et al. Expires October 10, 2016 [Page 8]
�
Internet-Draft draft-hunt-idevent-token April 2016
The following is an example event message(it has been modified for
readability):
{
"jti": "4d3559ec67504aaba65d40b0363faad8",
"iat": 1458496404,
"iss": "https://scim.example.com",
"aud":[
"https://scim.example.com/Feeds/98d52461fa5bbc879593b7754",
"https://scim.example.com/Feeds/5d7604516b1d08641d7676ee7"
],
"sub": "https://scim.example.com/Users/44f6142df96bd6ab61e7521d9",
"events":[
"urn:ietf:params:event:SCIM:create"
],
"urn:ietf:params:event:SCIM:create":{
"attributes":["id","name","userName","password","emails"],
"values":{
"emails":[
{"type":"work","value":"jdoe@example.com"}
],
"password":"not4u2no",
"userName":"jdoe",
"id":"44f6142df96bd6ab61e7521d9",
"name":{
"givenName":"John",
"familyName":"Doe"
}
}
}
}
Figure 3: Example Event JSON Data
When transmitted, the above JSON body must be converted into a JWT as
per [RFC7519]. In this example, because the event contains attribute
values, the token MUST be encrypted per JWE (see [RFC7516]) before
transmission.
The following is an example of a SCIM Event expressed in an unsecured
JWT token. The JWT header of:
{"alg":"none"}
Base64url encoding of the octets of the UTF-8 representation of the
header yields:
eyJhbGciOiJub25lIn0
Hunt, et al. Expires October 10, 2016 [Page 9]
�
Internet-Draft draft-hunt-idevent-token April 2016
The example JSON Event Data is encoded as follows:
eyAgCiAgImp0aSI6ICI0ZDM1NTllYzY3NTA0YWFiYTY1ZDQwYjAzNjNmYWFkOCIs
CiAgImV2ZW50VXJpcyI6WwogICAgInVybjppZXRmOnBhcmFtczpldmVudDpTQ0lN
OmNyZWF0ZSIKICBdLAogICJpYXQiOiAxNDU4NDk2NDA0LAogICJpc3MiOiAiaHR0
cHM6Ly9zY2ltLmV4YW1wbGUuY29tIiwgIAogICJhdWQiOlsKICAgImh0dHBzOi8v
c2NpbS5leGFtcGxlLmNvbS9GZWVkcy85OGQ1MjQ2MWZhNWJiYzg3OTU5M2I3NzU0
IiwKICAgImh0dHBzOi8vc2NpbS5leGFtcGxlLmNvbS9GZWVkcy81ZDc2MDQ1MTZi
MWQwODY0MWQ3Njc2ZWU3IgogIF0sICAKICAic3ViIjogImh0dHBzOi8vc2NpbS5l
eGFtcGxlLmNvbS9Vc2Vycy80NGY2MTQyZGY5NmJkNmFiNjFlNzUyMWQ5IiwKICAi
dXJuOmlldGY6cGFyYW1zOmV2ZW50OlNDSU06Y3JlYXRlIjp7CiAgICAiYXR0cmli
dXRlcyI6WyJpZCIsIm5hbWUiLCJ1c2VyTmFtZSIsInBhc3N3b3JkIiwiZW1haWxz
Il0sCiAgICAidmFsdWVzIjp7CiAgICAgICJlbWFpbHMiOlsKICAgICAgIHsidHlw
ZSI6IndvcmsiLCJ2YWx1ZSI6Impkb2VAZXhhbXBsZS5jb20ifQogICAgICBdLAog
ICAgICAicGFzc3dvcmQiOiJub3Q0dTJubyIsCiAgICAgICJ1c2VyTmFtZSI6Impk
b2UiLAogICAgICAiaWQiOiI0NGY2MTQyZGY5NmJkNmFiNjFlNzUyMWQ5IiwKICAg
ICAgIm5hbWUiOnsKICAgICAgICAiZ2l2ZW5OYW1lIjoiSm9obiIsCiAgICAgICAg
ImZhbWlseU5hbWUiOiJEb2UiCiAgICAgIH0KICAgIH0gIAogIH0KfQ
The encoded JWS signature is the empty string. Concatenating the
parts yields:
eyJhbGciOiJub25lIn0
.
eyAgCiAgImp0aSI6ICI0ZDM1NTllYzY3NTA0YWFiYTY1ZDQwYjAzNjNmYWFkOCIs
CiAgImV2ZW50VXJpcyI6WwogICAgInVybjppZXRmOnBhcmFtczpldmVudDpTQ0lN
OmNyZWF0ZSIKICBdLAogICJpYXQiOiAxNDU4NDk2NDA0LAogICJpc3MiOiAiaHR0
cHM6Ly9zY2ltLmV4YW1wbGUuY29tIiwgIAogICJhdWQiOlsKICAgImh0dHBzOi8v
c2NpbS5leGFtcGxlLmNvbS9GZWVkcy85OGQ1MjQ2MWZhNWJiYzg3OTU5M2I3NzU0
IiwKICAgImh0dHBzOi8vc2NpbS5leGFtcGxlLmNvbS9GZWVkcy81ZDc2MDQ1MTZi
MWQwODY0MWQ3Njc2ZWU3IgogIF0sICAKICAic3ViIjogImh0dHBzOi8vc2NpbS5l
eGFtcGxlLmNvbS9Vc2Vycy80NGY2MTQyZGY5NmJkNmFiNjFlNzUyMWQ5IiwKICAi
dXJuOmlldGY6cGFyYW1zOmV2ZW50OlNDSU06Y3JlYXRlIjp7CiAgICAiYXR0cmli
dXRlcyI6WyJpZCIsIm5hbWUiLCJ1c2VyTmFtZSIsInBhc3N3b3JkIiwiZW1haWxz
Il0sCiAgICAidmFsdWVzIjp7CiAgICAgICJlbWFpbHMiOlsKICAgICAgIHsidHlw
ZSI6IndvcmsiLCJ2YWx1ZSI6Impkb2VAZXhhbXBsZS5jb20ifQogICAgICBdLAog
ICAgICAicGFzc3dvcmQiOiJub3Q0dTJubyIsCiAgICAgICJ1c2VyTmFtZSI6Impk
b2UiLAogICAgICAiaWQiOiI0NGY2MTQyZGY5NmJkNmFiNjFlNzUyMWQ5IiwKICAg
ICAgIm5hbWUiOnsKICAgICAgICAiZ2l2ZW5OYW1lIjoiSm9obiIsCiAgICAgICAg
ImZhbWlseU5hbWUiOiJEb2UiCiAgICAgIH0KICAgIH0gIAogIH0KfQ.
Figure 4: Example Unsecured Event Token
To create and or validate a signed or encrypted event token follow
the instructions in section 7 of [RFC7519].
Hunt, et al. Expires October 10, 2016 [Page 10]
�
Internet-Draft draft-hunt-idevent-token April 2016
3. Security Considerations
[[TO BE COMPLETED ]]
o Avoid using Maximal disclosure mode
o Use TLS best practices.
o Subscribers SHOULD use SCIM GET to obtain full state when not
disclosed in the event.
o Subscribers MAY use SCIM GET to get the latest state on a resource
and discard events with iat and nbf that is older.
o Subscribers must authenticae the message using either TLS, and/or
validating signed event messages.
o Publishers should avoid retaining events except for audit
purposes. Events should not be accessible indefinitely - re: LDAP
changelog problems.
4. IANA Considerations
4.1. Registration of Event URN Sub-namespace
IANA has added an entry to the "IETF URN Sub-namespace for Registered
Protocol Parameter Identifiers" registry and created a sub-namespace
for the Registered Parameter Identifier as per [RFC3553]:
"urn:ietf:params:event".
To manage this sub-namespace, IANA is requested to create the "Event"
Registry which shall be used to manage entries within the
"urn:ietf:params:scim" namespace. The registry description is as
follows:
o Registry name: Event
o Specification: [this document]
o Repository: [see Section 4.2]
o Index value: values [see Section 4.2]
4.2. Event Registry
[[TO BE COMPLETED]]
Hunt, et al. Expires October 10, 2016 [Page 11]
�
Internet-Draft draft-hunt-idevent-token April 2016
5. References
5.1. Normative References
[idevent-subscription]
Oracle Corporation, "Identity Event Subscription Protocol
(work in progress)".
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>.
[RFC3553] Mealling, M., Masinter, L., Hardie, T., and G. Klyne, "An
IETF URN Sub-namespace for Registered Protocol
Parameters", BCP 73, RFC 3553, DOI 10.17487/RFC3553, June
2003, <http://www.rfc-editor.org/info/rfc3553>.
[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
Resource Identifier (URI): Generic Syntax", STD 66,
RFC 3986, DOI 10.17487/RFC3986, January 2005,
<http://www.rfc-editor.org/info/rfc3986>.
[RFC5988] Nottingham, M., "Web Linking", RFC 5988,
DOI 10.17487/RFC5988, October 2010,
<http://www.rfc-editor.org/info/rfc5988>.
[RFC7159] Bray, T., Ed., "The JavaScript Object Notation (JSON) Data
Interchange Format", RFC 7159, DOI 10.17487/RFC7159, March
2014, <http://www.rfc-editor.org/info/rfc7159>.
[RFC7519] Jones, M., Bradley, J., and N. Sakimura, "JSON Web Token
(JWT)", RFC 7519, DOI 10.17487/RFC7519, May 2015,
<http://www.rfc-editor.org/info/rfc7519>.
[RFC7643] Hunt, P., Ed., Grizzle, K., Wahlstroem, E., and C.
Mortimore, "System for Cross-domain Identity Management:
Core Schema", RFC 7643, DOI 10.17487/RFC7643, September
2015, <http://www.rfc-editor.org/info/rfc7643>.
5.2. Informative References
[HEART] The OpenId Foundation, "HEART Working Group (work in
progress)".
[idevent-scim]
Oracle Corporation, "SCIM Event Extensions (work in
progress)".
Hunt, et al. Expires October 10, 2016 [Page 12]
�
Internet-Draft draft-hunt-idevent-token April 2016
[RFC7009] Lodderstedt, T., Ed., Dronia, S., and M. Scurtescu, "OAuth
2.0 Token Revocation", RFC 7009, DOI 10.17487/RFC7009,
August 2013, <http://www.rfc-editor.org/info/rfc7009>.
[RFC7515] Jones, M., Bradley, J., and N. Sakimura, "JSON Web
Signature (JWS)", RFC 7515, DOI 10.17487/RFC7515, May
2015, <http://www.rfc-editor.org/info/rfc7515>.
[RFC7516] Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)",
RFC 7516, DOI 10.17487/RFC7516, May 2015,
<http://www.rfc-editor.org/info/rfc7516>.
[RFC7517] Jones, M., "JSON Web Key (JWK)", RFC 7517,
DOI 10.17487/RFC7517, May 2015,
<http://www.rfc-editor.org/info/rfc7517>.
[RFC7644] Hunt, P., Ed., Grizzle, K., Ansari, M., Wahlstroem, E.,
and C. Mortimore, "System for Cross-domain Identity
Management: Protocol", RFC 7644, DOI 10.17487/RFC7644,
September 2015, <http://www.rfc-editor.org/info/rfc7644>.
[RISC] The OpenId Foundation, "RISC (Risk and Incident Sharing
and Coordination) Working Group (work in progress)".
Appendix A. Contributors
Appendix B. Acknowledgments
The editor would like to thank the participants in the id-events
mailing list and related working groups for their support of this
specification.
Appendix C. Change Log
Draft 00 - PH - First Draft
Authors' Addresses
Phil Hunt (editor)
Oracle Corporation
Email: phil.hunt@yahoo.com
William Denniss
Salesforce.com
Email: wdenniss@google.com
Hunt, et al. Expires October 10, 2016 [Page 13]
�
Internet-Draft draft-hunt-idevent-token April 2016
Morteza Ansari
Cisco
Email: morteza.ansari@cisco.com
Hunt, et al. Expires October 10, 2016 [Page 14]
