[OpenID] Password age and password reset
George Fletcher
gffletch at aol.com
Wed May 13 16:46:24 UTC 2009
+1 but I think the user will need more than just arriving at the
"Account Management" URL. Basically the RP is asking the user to "do
something" at the OP to verify their account is still "valid". By
default "do something" == "change password" though it could be something
else as well. The RP will still have to rely on the OP to "do the right
thing".
I just think from a UX perspective, there needs to be direction for the
user on what to do.
Thanks,
George
Breno de Medeiros wrote:
> That sounds like a good starting point.
>
> On Wed, May 13, 2009 at 9:25 AM, Allen Tom <atom at yahoo-inc.com> wrote:
>
>> How about if the OP publishes its "Account Management" URL in its discovery
>> document?
>>
>> Allen
>>
>> Breno de Medeiros wrote:
>>
>>> However, because there is no standard to even
>>> communicate which URL at the OP the user can change password, the
>>> experience is broken. A lot of users either don't know (without help
>>> from the OP) how to change their passwords.
>>>
>>>
>>
>
>
>
>
More information about the general
mailing list