[Openid-specs-ab] Credential revocation

John Bradley ve7jtb at ve7jtb.com
Wed Jan 11 19:04:43 UTC 2012


It was something that a number of RP brought up in the early discussions.

We are more IdP weighted at the moment.  I think it was Facebook that was most interested in this from the IdP.

It isn't a priority, but the NIST document reminded me it slipped from the feature list.

I agree the other things are higher priority.

Just interested in seeing if there is any real interest in the issue.

John B.
On 2012-01-11, at 3:47 PM, Mike Jones wrote:

> I'd only add it to a list if we're seeing actual demand for it from deployers.
> 
> As it is, I think we should focus on addressing review comments received, completing session management, and completing JWE.  And when we finish those, adding self-issued IDs.  That's more than enough to keep us productively busy for the time being.
> 
> 				-- Mike
> 
> -----Original Message-----
> From: openid-specs-ab-bounces at lists.openid.net [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of John Bradley
> Sent: Wednesday, January 11, 2012 10:20 AM
> To: openid-specs-ab at lists.openid.net
> Subject: [Openid-specs-ab] Credential revocation
> 
> FYI a draft from NIST
> http://csrc.nist.gov/publications/drafts/nistir-7817/Draft-NISTIR-7817.pdf
> 
> I don't think his conclusion is necessarily practical, however it is interesting to see what they are thinking.
> 
> We did talk about having a signalling mechanism from RP to IdP to request a password reset or provide other signalling.
> 
> That got dropped along the way.
> 
> Should this get added to a list of possible extensions?
> 
> John B.
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4767 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20120111/21d6a2c9/attachment.p7s>


More information about the Openid-specs-ab mailing list