[Openid-specs-ab] Credential revocation

Mike Jones Michael.Jones at microsoft.com
Wed Jan 11 18:47:00 UTC 2012


I'd only add it to a list if we're seeing actual demand for it from deployers.

As it is, I think we should focus on addressing review comments received, completing session management, and completing JWE.  And when we finish those, adding self-issued IDs.  That's more than enough to keep us productively busy for the time being.

				-- Mike

-----Original Message-----
From: openid-specs-ab-bounces at lists.openid.net [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of John Bradley
Sent: Wednesday, January 11, 2012 10:20 AM
To: openid-specs-ab at lists.openid.net
Subject: [Openid-specs-ab] Credential revocation

FYI a draft from NIST
http://csrc.nist.gov/publications/drafts/nistir-7817/Draft-NISTIR-7817.pdf

I don't think his conclusion is necessarily practical, however it is interesting to see what they are thinking.

We did talk about having a signalling mechanism from RP to IdP to request a password reset or provide other signalling.

That got dropped along the way.

Should this get added to a list of possible extensions?

John B.



More information about the Openid-specs-ab mailing list