[OpenID] Password age and password reset
Santosh Rajan
santrajan at gmail.com
Wed May 13 16:18:45 UTC 2009
I think this subject is beyond the scope of OpenID. "Malicious activity" can
be anything. The RP has to handle this separately.
1) Inform the user via email or when he logs in again or any appropriate
measure. Shut the account whatever.
2) OP's must have a separate channel where the RP's can report this.
3) And depending on what the "malicious activity" is, the RP may even have
to report to concerned govt authorities depending on the law.
This has to be handled as an entirely different matter beyond the scope of
OpenID.
Breno de Medeiros wrote:
>
> Argh, I meant RP detects malicious activity on the user's account at
> the RP. There is no additional exchange of data between RP and OP in
> this scenario.
>
>
>>
>> 1. RP detects malicious activity on the user's account at the OP.
>>
>>
>> --
>> --Breno
>>
>> +1 (650) 214-1007 desk
>> +1 (408) 212-0135 (Grand Central)
>> MTV-41-3 : 383-A
>> PST (GMT-8) / PDT(GMT-7)
>>
>
>
>
> --
> --Breno
>
> +1 (650) 214-1007 desk
> +1 (408) 212-0135 (Grand Central)
> MTV-41-3 : 383-A
> PST (GMT-8) / PDT(GMT-7)
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
>
-----
Santosh Rajan
http://santrajan.blogspot.com http://santrajan.blogspot.com
--
View this message in context: http://www.nabble.com/Password-age-and-password-reset-tp23507470p23525117.html
Sent from the OpenID - General mailing list archive at Nabble.com.
More information about the general
mailing list