[OpenID] Password age and password reset
Peter Williams
pwilliams at rapattoni.com
Wed May 13 18:07:49 UTC 2009
Out of interest, assuming the user has bound several openids to the rp account,which op gets all this data? The one introducing the current session, or all of them?
Does the rp using a vanity openid need the users consent before reporting suspicious or improper (user) conduct to a third party (the op)? Or should the transfer be covert?
-----Original Message-----
From: Santosh Rajan <santrajan at gmail.com>
Sent: Wednesday, May 13, 2009 12:18 PM
To: general at openid.net <general at openid.net>
Subject: Re: [OpenID] Password age and password reset
I think this subject is beyond the scope of OpenID. "Malicious activity" can
be anything. The RP has to handle this separately.
1) Inform the user via email or when he logs in again or any appropriate
measure. Shut the account whatever.
2) OP's must have a separate channel where the RP's can report this.
3) And depending on what the "malicious activity" is, the RP may even have
to report to concerned govt authorities depending on the law.
This has to be handled as an entirely different matter beyond the scope of
OpenID.
Breno de Medeiros wrote:
>
> Argh, I meant RP detects malicious activity on the user's account at
> the RP. There is no additional exchange of data between RP and OP in
> this scenario.
>
>
>>
>> 1. RP detects malicious activity on the user's account at the OP.
>>
>>
>> --
>> --Breno
>>
>> +1 (650) 214-1007 desk
>> +1 (408) 212-0135 (Grand Central)
>> MTV-41-3 : 383-A
>> PST (GMT-8) / PDT(GMT-7)
>>
>
>
>
> --
> --Breno
>
> +1 (650) 214-1007 desk
> +1 (408) 212-0135 (Grand Central)
> MTV-41-3 : 383-A
> PST (GMT-8) / PDT(GMT-7)
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
>
-----
Santosh Rajan
http://santrajan.blogspot.com http://santrajan.blogspot.com
--
View this message in context: http://www.nabble.com/Password-age-and-password-reset-tp23507470p23525117.html
Sent from the OpenID - General mailing list archive at Nabble.com.
_______________________________________________
general mailing list
general at openid.net
http://openid.net/mailman/listinfo/general
More information about the general
mailing list