@@ -270,23 +270,20 @@ the session revocation occurred.
270270
271271# ## Examples {#session-revoked-examples}
272272
273- NOTE : The event type URI is wrapped, the backslash is the continuation
274- character.
275-
276273~~~ json
277274{
278275 " iss " " https://idp.example.com/123456789/" ,
279276 " jti " " 24c63fb56e5a2d77a6b512616ca9fa24" ,
280277 " iat " 1615305159,
281278 " aud " " https://sp.example.com/caep" ,
282- " txn " 8675309,
279+ " txn " " 8675309" ,
283280 " sub_id " {
284281 " format " " opaque" ,
285282 " id " " dMTlD|1600802906337.16|16008.16"
286283 },
287284 " events " {
288285 " https://schemas.openid.net/secevent/caep/event-type/session-revoked " {
289- " event_timestamp " 1615304991643
286+ " event_timestamp " 1615304991
290287 }
291288 }
292289}
@@ -300,7 +297,7 @@ Required claims + Simple Subject"}
300297 " jti " " 24c63fb56e5a2d77a6b512616ca9fa24" ,
301298 " iat " 1615305159,
302299 " aud " " https://sp.example.com/caep" ,
303- " txn " 8675309,
300+ " txn " " 8675309" ,
304301 " sub_id " {
305302 " format " " complex" ,
306303 " session " {
@@ -327,7 +324,7 @@ Required claims + Simple Subject"}
327324 " en " " Access attempt from multiple regions." ,
328325 " es-410 " " Intento de acceso desde varias regiones."
329326 },
330- " event_timestamp " 1615304991643
327+ " event_timestamp " 1615304991
331328 }
332329 }
333330}
@@ -341,7 +338,7 @@ as `sub` claim (includes optional claims)"}
341338 " jti " " 24c63fb56e5a2d77a6b512616ca9fa24" ,
342339 " iat " 1615305159,
343340 " aud " " https://sp.example.com/caep" ,
344- " txn " 8675309,
341+ " txn " " 8675309" ,
345342 " sub_id " {
346343 " format " " complex" ,
347344 " user " {
@@ -369,7 +366,7 @@ as `sub` claim (includes optional claims)"}
369366 " en " " This device is no longer compliant." ,
370367 " it " " Questo dispositivo non è più conforme."
371368 },
372- " event_timestamp " 1615304991643
369+ " event_timestamp " 1615304991
373370 }
374371 }
375372}
@@ -401,24 +398,21 @@ the claim value(s) changed.
401398
402399# ## Examples {#token-claims-change-examples}
403400
404- NOTE : The event type URI is wrapped, the backslash is the continuation
405- character.
406-
407401~~~ json
408402{
409403 " iss " " https://idp.example.com/987654321/" ,
410404 " jti " " 9afce1e4e642b165fcaacdd0e7aa4903" ,
411405 " iat " 1615305159,
412406 " aud " " https://sp.example2.net/caep" ,
413- " txn " 8675309,
407+ " txn " " 8675309" ,
414408 " sub_id " {
415409 " format " " jwt_id" ,
416410 " iss " " https://idp.example.com/987654321/" ,
417411 " jti " " f61t6e20zdo3px56gepu8rzlsp4c1dpc0fx7"
418412 },
419413 " events " {
420414 " https://schemas.openid.net/secevent/caep/event-type/token-claims-change " {
421- " event_timestamp " 1615304991643 ,
415+ " event_timestamp " 1615304991 ,
422416 " claims " {
423417 " role " " ro-admin"
424418 }
@@ -435,15 +429,15 @@ Change - Required claims only"}
435429 " jti " " 9afce1e4e642b165fcaacdd0e7aa4903" ,
436430 " iat " 1615305159,
437431 " aud " " https://sp.example2.net/caep" ,
438- " txn " 8675309,
432+ " txn " " 8675309" ,
439433 " sub_id " {
440434 " format " " jwt_id" ,
441435 " iss " " https://idp.example.com/987654321/" ,
442436 " jti " " f61t6e20zdo3px56gepu8rzlsp4c1dpc0fx7"
443437 },
444438 " events " {
445439 " https://schemas.openid.net/secevent/caep/event-type/token-claims-change " {
446- " event_timestamp " 1615304991643 ,
440+ " event_timestamp " 1615304991 ,
447441 " initiating_entity " " policy" ,
448442 " reason_admin " {
449443 " en " " User left trusted network: CorpNet3"
@@ -452,9 +446,8 @@ Change - Required claims only"}
452446 " en " " You're no longer connected to a trusted network." ,
453447 " it " " Non sei più connesso a una rete attendibile."
454448 },
455-
456449 " claims " {
457- " trusted_network " " false"
450+ " trusted_network " false
458451 }
459452 }
460453 }
@@ -469,15 +462,15 @@ Claims Change - Optional claims"}
469462 " jti " " dae94fed5f459881efa38b65c6772ddc" ,
470463 " iat " 1615305159,
471464 " aud " " https://sp.example2.net/caep" ,
472- " txn " 8675309,
465+ " txn " " 8675309" ,
473466 " sub_id " {
474467 " format " " saml_assertion_id" ,
475468 " issuer " " https://idp.example.com/987654321/" ,
476469 " assertion_id " " _a75adf55-01d7-dbd8372ebdfc"
477470 },
478471 " events " {
479472 " https://schemas.openid.net/secevent/caep/event-type/token-claims-change " {
480- " event_timestamp " 1615304991643 ,
473+ " event_timestamp " 1615304991 ,
481474 " claims " {
482475 " http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role " " ro-admin"
483476 }
@@ -557,16 +550,13 @@ the credential change occurred.
557550
558551# ## Examples {#credential-change-examples}
559552
560- NOTE : The event type URI is wrapped, the backslash is the continuation
561- character.
562-
563553~~~json
564554{
565555 " iss " " https://idp.example.com/3456789/" ,
566556 " jti " " 07efd930f0977e4fcc1149a733ce7f78" ,
567557 " iat " 1615305159,
568558 " aud " " https://sp.example2.net/caep" ,
569- " txn " 8675309,
559+ " txn " " 8675309" ,
570560 " sub_id " {
571561 " format " " iss_sub" ,
572562 " iss " " https://idp.example.com/3456789/" ,
@@ -582,7 +572,7 @@ character.
582572 " reason_admin " {
583573 " en " " User self-enrollment"
584574 },
585- " event_timestamp " 1615304991643
575+ " event_timestamp " 1615304991
586576 }
587577 }
588578}
@@ -665,7 +655,7 @@ the assurance level changed.
665655 " jti " " 07efd930f0977e4fcc1149a733ce7f78" ,
666656 " iat " 1615305159,
667657 " aud " " https://sp.example2.net/caep" ,
668- " txn " 8675309,
658+ " txn " " 8675309" ,
669659 " sub_id " {
670660 " format " " iss_sub" ,
671661 " iss " " https://idp.example.com/3456789/" ,
@@ -678,7 +668,7 @@ the assurance level changed.
678668 " previous_level " " nist-aal1" ,
679669 " change_direction " " increase" ,
680670 " initiating_entity " " user" ,
681- " event_timestamp " 1615304991643
671+ " event_timestamp " 1615304991
682672 }
683673 }
684674}
@@ -692,7 +682,7 @@ the assurance level changed.
692682 " jti " " 07efd930f0977e4fcc1149a733ce7f78" ,
693683 " iat " 1615305159,
694684 " aud " " https://sp.example2.net/caep" ,
695- " txn " 8675309,
685+ " txn " " 8675309" ,
696686 " sub_id " {
697687 " format " " iss_sub" ,
698688 " iss " " https://idp.example.com/3456789/" ,
@@ -703,7 +693,7 @@ the assurance level changed.
703693 " namespace " " Retinal Scan" ,
704694 " current_level " " hi-res-scan" ,
705695 " initiating_entity " " user" ,
706- " event_timestamp " 1615304991643
696+ " event_timestamp " 1615304991
707697 }
708698 }
709699}
@@ -746,16 +736,13 @@ the device compliance status changed.
746736
747737# ## Examples {#device-compliance-change-examples}
748738
749- NOTE : The event type URI is wrapped, the backslash is the continuation
750- character.
751-
752739~~~json
753740{
754741 " iss " " https://idp.example.com/123456789/" ,
755742 " jti " " 24c63fb56e5a2d77a6b512616ca9fa24" ,
756743 " iat " 1615305159,
757744 " aud " " https://sp.example.com/caep" ,
758- " txn " 8675309,
745+ " txn " " 8675309" ,
759746 " sub_id " {
760747 " format " " complex" ,
761748 " device " {
@@ -779,7 +766,7 @@ character.
779766 " reason_user " {
780767 " en " " Device is no longer in a trusted location."
781768 },
782- " event_timestamp " 1615304991643
769+ " event_timestamp " 1615304991
783770 }
784771 }
785772}
@@ -843,7 +830,7 @@ type:
843830 " jti " " 24c63fb56e5a2d77a6b512616ca9fa24" ,
844831 " iat " 1615305159,
845832 " aud " " https://sp.example.com/caep" ,
846- " txn " 8675309,
833+ " txn " " 8675309" ,
847834 " sub_id " {
848835 " format " " email" ,
849836@@ -853,7 +840,7 @@ type:
853840 " fp_ua " " abb0b6e7da81a42233f8f2b1a8ddb1b9a4c81611" ,
854841 " acr " " AAL2" ,
855842 " amr " ["otp"],
856- " event_timestamp " 1615304991643
843+ " event_timestamp " 1615304991
857844 }
858845 }
859846}
@@ -897,7 +884,7 @@ The following is a non-normative example of a Session Presented event:
897884 " jti " " 24c63fb56e5a2d77a6b512616ca9fa24" ,
898885 " iat " 1615305159,
899886 " aud " " https://sp.example.com/caep" ,
900- " txn " 8675309,
887+ " txn " " 8675309" ,
901888 " sub_id " {
902889 " format " " email" ,
903890@@ -906,7 +893,7 @@ The following is a non-normative example of a Session Presented event:
906893 " https://schemas.openid.net/secevent/caep/event-type/session-presented " {
907894 " fp_ua " " abb0b6e7da81a42233f8f2b1a8ddb1b9a4c81611" ,
908895 " ext_id " " 12345" ,
909- " event_timestamp " 1615304991643
896+ " event_timestamp " 1615304991
910897 }
911898 }
912899}
@@ -929,11 +916,11 @@ modifications in a subject's assessed risk level at the time indicated by the
929916` event_timestamp` field in the Risk Level Change event. The Transmitter may
930917generate this event to indicate :
931918
932- * User's risk has changed due to potential suspecious access from unknown
919+ * User's risk has changed due to potential suspicious access from unknown
933920destination, password compromise, addition of strong authenticator or other
934921reasons.
935922* Device's risk has changed due to installation of unapproved software,
936- connection to insecure pheripheral device, encryption of data or other reasons.
923+ connection to insecure peripheral device, encryption of data or other reasons.
937924* Any other subject's risk changes due to variety of reasons.
938925
939926# ## Event Specific Claims {#risk-level-change-event-specific-claims}
@@ -946,7 +933,7 @@ level changes by the Transmitter.
946933principal
947934
948935> REQUIRED, JSON string: representing the principal entity involved in the
949- observed risk event, as identified by the transmitter . The subject principal can
936+ observed risk event, as identified by the Transmitter . The subject principal can
950937be one of the following entities USER, DEVICE, SESSION, TENANT, ORG_UNIT, GROUP,
951938or any other entity as defined in Section 2 of {{SSF}}. This claim identifies
952939the primary subject associated with the event, and helps to contextualize the
@@ -955,7 +942,7 @@ risk relative to the entity involved.
955942current_level
956943
957944> REQUIRED, JSON string: indicates the current level of the risk for the
958- subject. Value MUST be one of LOW, MEDIUM, HIGH
945+ subject. Value MUST be one of LOW, MEDIUM, HIGH.
959946
960947previous_level
961948
@@ -974,7 +961,7 @@ The following is a non-normative example of a Risk Level Change event:
974961 " jti " " 24c63fb56e5a2d77a6b512616ca9fa24" ,
975962 " iat " 1615305159,
976963 " aud " " https://sp.example.com/caep" ,
977- " txn " 8675309,
964+ " txn " " 8675309" ,
978965 " sub_id " {
979966 " format " " iss_sub" ,
980967 " iss " " https://idp.example.com/3456789/" ,
@@ -984,7 +971,7 @@ The following is a non-normative example of a Risk Level Change event:
984971 " https://schemas.openid.net/secevent/caep/event-type/risk-level-change" :{
985972 " current_level " " LOW" ,
986973 " previous_level " " HIGH" ,
987- " event_timestamp " 1615304991643 ,
974+ " event_timestamp " 1615304991 ,
988975 " principal " " USER" ,
989976 " risk_reason " " PASSWORD_FOUND_IN_DATA_BREACH"
990977 }
0 commit comments