[Openid-specs-ab] Credential revocation
Mike Jones
Michael.Jones at microsoft.com
Wed Jan 11 18:47:00 UTC 2012
I'd only add it to a list if we're seeing actual demand for it from deployers.
As it is, I think we should focus on addressing review comments received, completing session management, and completing JWE. And when we finish those, adding self-issued IDs. That's more than enough to keep us productively busy for the time being.
-- Mike
-----Original Message-----
From: openid-specs-ab-bounces at lists.openid.net [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of John Bradley
Sent: Wednesday, January 11, 2012 10:20 AM
To: openid-specs-ab at lists.openid.net
Subject: [Openid-specs-ab] Credential revocation
FYI a draft from NIST
http://csrc.nist.gov/publications/drafts/nistir-7817/Draft-NISTIR-7817.pdf
I don't think his conclusion is necessarily practical, however it is interesting to see what they are thinking.
We did talk about having a signalling mechanism from RP to IdP to request a password reset or provide other signalling.
That got dropped along the way.
Should this get added to a list of possible extensions?
John B.
More information about the Openid-specs-ab
mailing list