Should some event types be delivered by default regardless of whether they were requested?

[FragLegs]

There are a few events that are sent by the Transmitter that are about the Transmitter itself, rather than being about external security events. The event types I'm thinking of are:

• https://schemas.openid.net/secevent/ssf/event-type/verification
• https://schemas.openid.net/secevent/ssf/event-type/stream-updated

Should those be added to events_delivered automatically, even if the Receiver does not specifically request them in events_requested?

[appsdesh]

I feel that the protocol events should be kept separate from the profile events. We should keep usingevents_delivered, events_requested for profile events, as it describes subscriptions from the receiver and intent of delivery from the transmitter.

Protocol events should be mandatory if the Transmitter implements certain functionality. eg. If Transmitter implements verification then how/when the verification event is sent should be defined by the verification API and not the events_delivered, events_requested.