RFC Errata

Errata Search

Source of RFC  
Summary Table Full Records

RFC 8417, "Security Event Token (SET)", July 2018

Source of RFC: secevent (sec)

Errata ID: 7175
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Nigel Somerfield
Date Reported: 2022-10-21

Section 2.1.4 says:

    "iss": "https://idp.example.com/",
    "jti": "756E69717565206964656E746966696572",
    "iat": 1508184845,
    "aud": "636C69656E745F6964",
    "events": {
          : {
        "subject": {
          "subject_type": "iss-sub",
          "iss": "https://idp.example.com/",
          "sub": "7375626A656374"
        "reason": "hijacking"

                       Figure 4: Example RISC Event

   Notice that parameters to the event are included in the event
   payload, in this case, the "reason" and "cause-time" values.  The
   subject of the event is identified using the "subject" payload value,
   which itself is a JSON object.

It should say:

    "iss": "https://idp.example.com/",
    "jti": "756E69717565206964656E746966696572",
    "iat": 1508184845,
    "aud": "636C69656E745F6964",
    "events": {
          : {
        "subject": {
          "subject_type": "iss-sub",
          "iss": "https://idp.example.com/",
          "sub": "7375626A656374"
        "reason": "hijacking"

                       Figure 4: Example RISC Event

   Notice that parameters to the event are included in the event
   payload, in this case, the "reason" value.  The
   subject of the event is identified using the "subject" payload value,
   which itself is a JSON object.


The included RISC event example JSON object does not contain a "cause-time" member, however this is referred to in the explanation following the example. It would be valuable to either include the "cause-time" member, or to remove it from the explanation as per the above.

Report New Errata

Advanced Search