New session presented event (#183)

* New session presented event

* removed risk_score from the event description. I will create a new PR for that

* added txn claim to example

* modified value of "ip" field to being an array

* incorporated Apoorva's feedback

* added txn to all event examples, and removed risk_score from session presented event example

Author: tulshi

openid-caep-specification-1_0.md

@@ -255,6 +255,7 @@ NOTE: The event type URI is wrapped, the backslash is the continuation character
     "jti": "24c63fb56e5a2d77a6b512616ca9fa24",
     "iat": 1615305159,
     "aud": "https://sp.example.com/caep",
+    "txn": 8675309,
     "sub_id": {
         "format": "opaque",
         "id": "dMTlD|1600802906337.16|16008.16"
@@ -274,6 +275,7 @@ NOTE: The event type URI is wrapped, the backslash is the continuation character
     "jti": "24c63fb56e5a2d77a6b512616ca9fa24",
     "iat": 1615305159,
     "aud": "https://sp.example.com/caep",
+    "txn": 8675309,
     "sub_id": {
         "format": "complex",
         "session": {
@@ -313,6 +315,7 @@ NOTE: The event type URI is wrapped, the backslash is the continuation character
     "jti": "24c63fb56e5a2d77a6b512616ca9fa24",
     "iat": 1615305159,
     "aud": "https://sp.example.com/caep",
+    "txn": 8675309,
     "sub_id": {
         "format": "complex",
         "user": {
@@ -376,6 +379,7 @@ NOTE: The event type URI is wrapped, the backslash is the continuation character
     "jti": "9afce1e4e642b165fcaacdd0e7aa4903",
     "iat": 1615305159,
     "aud": "https://sp.example2.net/caep",
+    "txn": 8675309,
     "sub_id": {
         "format": "jwt_id",
         "iss": "https://idp.example.com/987654321/",
@@ -399,6 +403,7 @@ NOTE: The event type URI is wrapped, the backslash is the continuation character
     "jti": "9afce1e4e642b165fcaacdd0e7aa4903",
     "iat": 1615305159,
     "aud": "https://sp.example2.net/caep",
+    "txn": 8675309,
     "sub_id": {
         "format": "jwt_id",
         "iss": "https://idp.example.com/987654321/",
@@ -431,6 +436,7 @@ NOTE: The event type URI is wrapped, the backslash is the continuation character
     "jti": "dae94fed5f459881efa38b65c6772ddc",
     "iat": 1615305159,
     "aud": "https://sp.example2.net/caep",
+    "txn": 8675309,
     "sub_id": {
         "format": "saml_assertion_id",
         "issuer": "https://idp.example.com/987654321/",
@@ -514,6 +520,7 @@ NOTE: The event type URI is wrapped, the backslash is the continuation character
     "jti": "07efd930f0977e4fcc1149a733ce7f78",
     "iat": 1615305159,
     "aud": "https://sp.example2.net/caep",
+    "txn": 8675309,
     "sub_id": {
         "format": "iss_sub",
         "iss": "https://idp.example.com/3456789/",
@@ -596,6 +603,7 @@ the assurance level changed.
     "jti": "07efd930f0977e4fcc1149a733ce7f78",
     "iat": 1615305159,
     "aud": "https://sp.example2.net/caep",
+    "txn": 8675309,
     "sub_id": {
         "format": "iss_sub",
         "iss": "https://idp.example.com/3456789/",
@@ -621,6 +629,7 @@ the assurance level changed.
     "jti": "07efd930f0977e4fcc1149a733ce7f78",
     "iat": 1615305159,
     "aud": "https://sp.example2.net/caep",
+    "txn": 8675309,
     "sub_id": {
         "format": "iss_sub",
         "iss": "https://idp.example.com/3456789/",
@@ -678,6 +687,7 @@ NOTE: The event type URI is wrapped, the backslash is the continuation character
     "jti": "24c63fb56e5a2d77a6b512616ca9fa24",
     "iat": 1615305159,
     "aud": "https://sp.example.com/caep",
+    "txn": 8675309,
     "sub_id": {
         "format": "complex",
         "device": {
@@ -724,7 +734,7 @@ The `event_timestamp` in this event type specifies the time at which the session
 ### Event Specific Claims {#session-established-event-specific-claims}
 The following optional claims MAY be included in the Session Established event:
 
-ip
+ips
 : The array of IP addresses of the user as observed by the Transmitter. The value MUST be in the format of an array of strings, each one of which represents the RFC 4001 {{RFC4001}} string represetation of an IP address. (**NOTE**, this can be different from the one observed by the Receiver for the same user because of network translation)
 
 fp_ua
@@ -749,21 +759,69 @@ The following is a non-normative example of the `session-established` event type
     "jti": "24c63fb56e5a2d77a6b512616ca9fa24",
     "iat": 1615305159,
     "aud": "https://sp.example.com/caep",
+    "txn": 8675309,
     "sub_id": {
       "format": "email",
       "email": "[email protected]"
     },
     "events": {
         "https://schemas.openid.net/secevent/caep/event-type/session-established": {
-          "ip": "192.168.1.12",
+          "ips": ["192.168.1.12", "10.1.1.1"],
           "fp_ua": "abb0b6e7da81a42233f8f2b1a8ddb1b9a4c81611",
           "acr": "AAL2",
-          "amr": "otp"
+          "amr": "otp",
+          "event_timestamp": 1615304991643
         }
     }
 }
 ~~~
 
+## Session Presented {#session-presented}
+Event Type URI:
+
+`https://schemas.openid.net/secevent/caep/event-type/session-presented`
+
+The Session Presented event signifies that the Transmitter has observed the session to be present at the Transmitter at the time indicated by the `event_timestamp` field in the Session Presented event. Receivers may use this information for reasons that include:
+
+* Detecting abnormal user activity
+* Establishing an inventory of live sessions belonging to a user
+
+### Event Specific Claims {#session-presented-event-specific-claims}
+The following optional claims MAY be present in a Session Presented event:
+
+ips
+: The array of IP addresses of the user as observed by the Transmitter. The value MUST be in the format of an array of strings, each one of which represents the RFC 4001 {{RFC4001}} string represetation of an IP address. (**NOTE**, this can be different from the one observed by the Receiver for the same user because of network translation)
+
+fp_ua
+: Fingerprint of the user agent computed by the Transmitter. (**NOTE**, this is not to identify the session, but to present some qualities of the session)
+
+ext_id
+: The external session identifier, which may be used to correlate this session with a broader session (e.g., a federated session established using SAML)
+
+### Examples {#session-presented-examples}
+The following is a non-normative example of a Session Presented event:
+
+~~~json
+{
+    "iss": "https://idp.example.com/123456789/",
+    "jti": "24c63fb56e5a2d77a6b512616ca9fa24",
+    "iat": 1615305159,
+    "aud": "https://sp.example.com/caep",
+    "txn": 8675309,
+    "sub_id": {
+      "format": "email",
+      "email": "[email protected]"
+    },
+    "events": {
+        "https://schemas.openid.net/secevent/caep/event-type/session-presented": {
+          "ips": ["192.168.1.12","10.1.1.1"],
+          "fp_ua": "abb0b6e7da81a42233f8f2b1a8ddb1b9a4c81611",
+          "ext_id": "12345",
+          "event_timestamp": 1615304991643
+        }
+    }}
+~~~
+
 --- back
 
 # Acknowledgements