Push-Based Security Event Token (SET) Delivery Using HTTP

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: yaronf.ietf@gmail.com, secevent-chairs@ietf.org, kaduk@mit.edu, id-event@ietf.org, rfc-editor@rfc-editor.org, The IESG <iesg@ietf.org>, draft-ietf-secevent-http-push@ietf.org, Yaron Sheffer <yaronf.ietf@gmail.com>
Subject: Protocol Action: 'Push-Based Security Event Token (SET) Delivery Using HTTP' to Proposed Standard (draft-ietf-secevent-http-push-14.txt)

The IESG has approved the following document:
- 'Push-Based Security Event Token (SET) Delivery Using HTTP'
  (draft-ietf-secevent-http-push-14.txt) as Proposed Standard

This document is the product of the Security Events Working Group.

The IESG contact persons are Benjamin Kaduk and Roman Danyliw.

A URL of this Internet Draft is:

Technical Summary

This document defines an HTTP push-based protocol for delivery of Security Event
Tokens (SETs, RFC 8417). This is one of the two options the working group is working
on: push- vs. poll-based delivery.

Working Group Summary

The protocol is a simple and straightforward way to transmit SETs, and the working group
supports it. Since we only have a small core of active participants, we ran into a problem
while requesting formal indication of support, but eventually received enough messages
in favor of publication to demonstrate consensus.

Document Quality

There are multiple implementations, including one in production by
Google (https://developers.google.com/identity/risc).
The shepherd reviewed the document thoroughly as well.


The document shepherd is Yaron Sheffer.
The responsible Area Director is Ben Kaduk.