RFC Errata
Found 1 record.
Status: Reported (1)
RFC 8417, "Security Event Token (SET)", July 2018
Source of RFC: secevent (sec)
Errata ID: 7175
Status: Reported
Type: Technical
Publication Format(s) : TEXT
Reported By: Nigel Somerfield
Date Reported: 2022-10-21
Section 2.1.4 says:
{ "iss": "https://idp.example.com/", "jti": "756E69717565206964656E746966696572", "iat": 1508184845, "aud": "636C69656E745F6964", "events": { "https://schemas.openid.net/secevent/risc/event-type/account-disabled" : { "subject": { "subject_type": "iss-sub", "iss": "https://idp.example.com/", "sub": "7375626A656374" }, "reason": "hijacking" } } } Figure 4: Example RISC Event Notice that parameters to the event are included in the event payload, in this case, the "reason" and "cause-time" values. The subject of the event is identified using the "subject" payload value, which itself is a JSON object.
It should say:
{ "iss": "https://idp.example.com/", "jti": "756E69717565206964656E746966696572", "iat": 1508184845, "aud": "636C69656E745F6964", "events": { "https://schemas.openid.net/secevent/risc/event-type/account-disabled" : { "subject": { "subject_type": "iss-sub", "iss": "https://idp.example.com/", "sub": "7375626A656374" }, "reason": "hijacking" } } } Figure 4: Example RISC Event Notice that parameters to the event are included in the event payload, in this case, the "reason" value. The subject of the event is identified using the "subject" payload value, which itself is a JSON object.
Notes:
The included RISC event example JSON object does not contain a "cause-time" member, however this is referred to in the explanation following the example. It would be valuable to either include the "cause-time" member, or to remove it from the explanation as per the above.