[Openid-specs-risc] RISC Question: Password Reset
ALI Asad
asad.ali at thalesgroup.com
Thu Aug 13 17:05:25 UTC 2020
Hi Tim,
In the SSE context I think the password reset event would fall under account credential change. Unless we want to capture system enforced change vs. voluntary password change (initiated by user), there is no need to have two separate event types.
Let us see what RISC folks say.
Regards,
--- Asad
From: Openid-specs-risc [mailto:openid-specs-risc-bounces at lists.openid.net] On Behalf Of Tim Cappalli via Openid-specs-risc
Sent: Wednesday, August 12, 2020 8:56 AM
To: Openid-specs-risc <openid-specs-risc at lists.openid.net>
Subject: [Openid-specs-risc] RISC Question: Password Reset
Hey all. Question for the RISC folks.
Looking at the existing event types<https://openid.net/specs/openid-risc-event-types-1_0-ID1.html>, would a password reset event fall under Account Credential Change Required or does this require a new event?
Password change was given as an example.
Account Credential Change Required signals that the account identified by the subject was required to change a credential. For example the user was required to go through a password change.
Thanks
Tim
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20200813/c070fee9/attachment.html>
More information about the Openid-specs-risc
mailing list