[Openid-specs-ab] Credential revocation

Breno de Medeiros breno at google.com
Wed Jan 11 19:07:58 UTC 2012


A more useful feature would be instant session revocation on password
resets. That could be implemented entirely on the IDP as an
added feature if the RP supports near-instant detection of session
state changes (which I am hoping to document for the JS API).

On Wed, Jan 11, 2012 at 11:04, John Bradley <ve7jtb at ve7jtb.com> wrote:
> It was something that a number of RPs brought up in the early discussions.
>
> We are more IdP weighted at the moment.  I think it was Facebook that was most interested in this from the IdP.
>
> It isn't a priority, but the NIST document reminded me it slipped from the feature list.
>
> I agree the other things are higher priority.
>
> Just interested in seeing if there is any real interest in the issue.
>
> John B.
> On 2012-01-11, at 3:47 PM, Mike Jones wrote:
>
>> I'd only add it to a list if we're seeing actual demand for it from deployers.
>>
>> As it is, I think we should focus on addressing review comments received, completing session management, and completing JWE.  And when we finish those, adding self-issued IDs.  That's more than enough to keep us productively busy for the time being.
>>
>>                               -- Mike
>>
>> -----Original Message-----
>> From: openid-specs-ab-bounces at lists.openid.net [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of John Bradley
>> Sent: Wednesday, January 11, 2012 10:20 AM
>> To: openid-specs-ab at lists.openid.net
>> Subject: [Openid-specs-ab] Credential revocation
>>
>> FYI a draft from NIST
>> http://csrc.nist.gov/publications/drafts/nistir-7817/Draft-NISTIR-7817.pdf
>>
>> I don't think his conclusion is necessarily practical; however, it is interesting to see what they are thinking.
>>
>> We did talk about having a signalling mechanism from RP to IdP to request a password reset or provide other signalling.
>>
>> That got dropped along the way.
>>
>> Should this get added to a list of possible extensions?
>>
>> John B.
>>



-- 
--Breno

