[Openid-specs-risc] RISC events supported by Google

Marius Scurtescu mscurtescu at google.com
Tue Apr 11 18:26:03 UTC 2017


On Tue, Apr 11, 2017 at 11:14 AM, Phil Hunt <phil.hunt at oracle.com> wrote:

>
> This seems to be a subset of the larger list that Adam has presented
> during the last few F2F meetings.
>
> Are we talking about a set of MTI events?  Or just the first events to
> focus in on.
>

First events to focus on. I don't think we can mandate any events; to me it
is always up to the issuer.


>
> I think it would be worthwhile writing down definitions for all of them
> so we can understand the differences between events.
>
> Phil
>
> Oracle Corporation, Identity Cloud Services Architect & Standards
> @independentid
> www.independentid.com
> phil.hunt at oracle.com
>
> On Apr 11, 2017, at 11:02 AM, Mike Jones <Michael.Jones at microsoft.com>
> wrote:
>
> This is useful, Marius.  What are the arguments for each of these events?
>
> *From:* Openid-specs-risc [mailto:openid-specs-risc-bounces at lists.openid.net]
> *On Behalf Of* Marius Scurtescu
> *Sent:* Tuesday, April 11, 2017 10:50 AM
> *To:* openid-specs-risc at lists.openid.net
> *Subject:* [Openid-specs-risc] RISC events supported by Google
>
> Right now Google supports the following events:
> - sessions-revoked - it states that Google closed all existing sessions for
> given subject
> - tokens-revoked - it states that Google revoked all tokens for given user
> and recipient (client), no individual token strings provided, applies only
> to tokens explicitly revoked by the user
>
> In the near future Google is planning to support:
> - account-deleted - the account was deleted, an RP should find an
> alternative way to authenticate the user, while they still have an active
> session (if Google was only IdP and no other recovery email then account is
> practically lost)
> - account-locked - account locked because of possibility of hijacking
> - account-recovered - user recovered previously locked account
> - account-reverification-requested - account not locked, but all sessions
> closed and user will be asked to change password on next login
>
> Potentially in the mid future:
> - account-identifier-changed - email address changes
> - other token revocation events (revoked by client through API, revoked by
> Google for various reasons)
> - log out events
>
> Thoughts?
>
> Which of these events do you think you would use and how?
>
> What other events would you like to receive from Google (and RISC in
> general)?
>
> Thanks,
> Marius