[OpenID] Password age and password reset
Breno de Medeiros
breno at google.com
Wed May 13 16:41:06 UTC 2009
On Wed, May 13, 2009 at 9:18 AM, Santosh Rajan <santrajan at gmail.com> wrote:
>
> I think this subject is beyond the scope of OpenID. "Malicious activity" can
> be anything. The RP has to handle this separately.
True, but this proposal is to address the case when the RP's normal
response would be to ask the user to change the password.
> 1) Inform the user via email or when he logs in again or any appropriate
> measure. Shut the account whatever.
In the scenario I described, the RP is already doing this messaging.
It is just not as effective because the RP cannot forward the user to
the password change flow.
> 2) OPs must have a separate channel where the RPs can report this.
And you claim that this cannot be standardized. Why?
> 3) And depending on what the "malicious activity" is, the RP may even have
> to report to concerned govt authorities depending on the law.
Yes.
> This has to be handled as an entirely different matter beyond the scope of
> OpenID.
Why?
>
>
> Breno de Medeiros wrote:
>>
>> Argh, I meant RP detects malicious activity on the user's account at
>> the RP. There is no additional exchange of data between RP and OP in
>> this scenario.
>>
>>
>>>
>>> 1. RP detects malicious activity on the user's account at the OP.
>>>
>>>
>>> --
>>> --Breno
>>>
>>> +1 (650) 214-1007 desk
>>> +1 (408) 212-0135 (Grand Central)
>>> MTV-41-3 : 383-A
>>> PST (GMT-8) / PDT(GMT-7)
>>>
>>
>>
>>
>> _______________________________________________
>> general mailing list
>> general at openid.net
>> http://openid.net/mailman/listinfo/general
>>
>>
>
>
> -----
>
> Santosh Rajan
> http://santrajan.blogspot.com
--
--Breno