-
Notifications
You must be signed in to change notification settings - Fork 16
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
First iteration of Event Def Spec #209
base: main
Are you sure you want to change the base?
Conversation
|
||
1. Author(s) of the pull request MUST be at least a contributing member of the OpenID Foundation. | ||
1. The Pull Request MUST contain a human readable description of the new SSF event type. | ||
1. The $id of the schema MUST be publicly accesbile on the internet and resolve to the schema document. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we need to worry about broken or stale URLs? Should there be a process for handling those?
1. The $id of the schema MUST be publicly accesbile on the internet and resolve to the schema document. | ||
1. The "title" and "description" of the schema must be meaningful and indicative of its function. | ||
1. The naming of all schema properties MUST be indicative of its function. | ||
1. Schemas may not be removed, only deprecated. Any changes to schemas must follow semantic versioning. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How will we mark schemas as deprecated?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
schemas cannot be deprecated explicitly but superseded by newer versions
[edit] : im actually not sure about this... lets discuss today
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Initial pass before today's call.
|
||
This section serves as a registry for the schemas of all registered SSF Event Types. | ||
|
||
| Event Type | Schema URI | Description |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My goal with this effort was to eliminate the need for this classification. An event should be descriptive enough to not need a bucket.
~~~ json | ||
{ | ||
"$schema":"https://json-schema.org/draft/2020-12/schema", | ||
"$id":"https://schemas.openid.net/secevent/caep/event-type/session-revoked/v1.schema.json", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we might need to define a mapping of the event identifier in the SET to the JSON schema identifier.
E.g. the event identifier is $id
with .schema.json
stripped?
And then we can say the inverse: an event's schema can be found by appending .schema.json
to the event identifier and then dereferencing it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i think thats a good idea.
1. Author(s) of the pull request MUST be at least a contributing member of the OpenID Foundation. | ||
1. The Pull Request MUST contain a human readable description of the new SSF event type. | ||
1. The $id of the schema MUST be publicly accesbile on the internet and resolve to the schema document. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
An alternative is that we use issues with issue templates, so we can require certain information be provided.
Co-authored-by: Tim Cappalli <tim@cappalli.me> Co-authored-by: Shayne Miel (he/him) <miel.shayne@gmail.com>
Co-authored-by: Tim Cappalli <tim@cappalli.me> Co-authored-by: Shayne Miel (he/him) <miel.shayne@gmail.com>
This is a great start, @jischr ! I would like to understand how a collection of events can be defined and identified as such here. For example, if someone wanted to implement "session security", then there may be many events that come under that collection (today named CAEP). Would there be a way to identify that in this scheme? |
@tulshi We could refer to this "Collection" in a new schema that described the whole events array. I think the big takeaway from your comment is the distinction between event definitions and collections of event definitions. Let me rough draft how that could look! |
Wouldn't this just be addressed via an interop profile? Each event should be able to stand on its own in terms of understanding its usage. I don't think we should formally group events in this new model. We already have |
This PR addresses #158