Push-Based Security Event Token (SET) Delivery Using HTTP
Draft of message to be sent after approval:
From: The IESG <firstname.lastname@example.org> To: IETF-Announce <email@example.com> Cc: firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, The IESG <email@example.com>, firstname.lastname@example.org, Yaron Sheffer <email@example.com> Subject: Protocol Action: 'Push-Based Security Event Token (SET) Delivery Using HTTP' to Proposed Standard (draft-ietf-secevent-http-push-14.txt) The IESG has approved the following document: - 'Push-Based Security Event Token (SET) Delivery Using HTTP' (draft-ietf-secevent-http-push-14.txt) as Proposed Standard This document is the product of the Security Events Working Group. The IESG contact persons are Benjamin Kaduk and Roman Danyliw. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-secevent-http-push/
Technical Summary This document defines an HTTP push-based protocol for delivery of Security Event Tokens (SETs, RFC 8417). This is one of the two options the working group is working on: push- vs. poll-based delivery. Working Group Summary The protocol is a simple and straightforward way to transmit SETs, and the working group supports it. Since we only have a small core of active participants, we ran into a problem while requesting formal indication of support, but eventually received enough messages in favor of publication to demonstrate consensus. Document Quality There are multiple implementations, including one in production by Google (https://developers.google.com/identity/risc). The shepherd reviewed the document thoroughly as well. Personnel The document shepherd is Yaron Sheffer. The responsible Area Director is Ben Kaduk.