[Openid-specs-risc] Opt Out / Opt In

Richard Backman, Annabelle richanna at amazon.com
Tue Oct 12 18:36:23 UTC 2021 

  1.  It is a signal that the user made a change their account

It's worth underscoring this point. The opt-in/out events are signals about actions/state changes that occurred on the transmitter's side. They, like all events, are informative; they are not commands. The event definition does not oblige the recipient to take any particular action based on receiving an opt-in or opt-out event (or any event) beyond validating the event and acknowledging it or reporting an error as appropriate. A transmitter MUST NOT depend on the recipient doing anything other than that (such as reciprocating the opt-in/out for a bi-directional stream) unless they have some additional agreement or understanding with the recipient, e.g., there is a contractual agreement between transmitter and receiver that obliges a particular behavior, or both are implementing some higher level protocol that constrains their behavior.

It's also worth noting that if the recipient offers an opt-in/out on their side, they would implement that by subscribing/unsubscribing to events for the subject via the Event Stream Management API.

—
Annabelle Backman (she/her)
richanna at amazon.com<mailto:richanna at amazon.com>




On Oct 12, 2021, at 7:21 AM, Tim Cappalli via Openid-specs-risc <openid-specs-risc at lists.openid.net<mailto:openid-specs-risc at lists.openid.net>> wrote:

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.


Hi Shayne,


  1.  Not necessarily. End users are not usually aware of in-session events (defined by CAEP) whereas RISC is used in a more end-user centric manner as "account protection".
  2.  Because it is not for the operation / lifecycle of the protocol itself. It is a signal that the user made a change their account, in this case disabling account protection features.

HTH
tim
________________________________
From: Openid-specs-risc <openid-specs-risc-bounces at lists.openid.net<mailto:openid-specs-risc-bounces at lists.openid.net>> on behalf of Shayne Miel (smiel) via Openid-specs-risc <openid-specs-risc at lists.openid.net<mailto:openid-specs-risc at lists.openid.net>>
Sent: Monday, October 11, 2021 10:21
To: Openid-specs-risc at lists.openid.net<mailto:Openid-specs-risc at lists.openid.net> <Openid-specs-risc at lists.openid.net<mailto:Openid-specs-risc at lists.openid.net>>
Subject: [Openid-specs-risc] Opt Out / Opt In

Sorry for all the questions recently. I have a few more, this time about the RISC Opt Out / Opt In events<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fopenid.net%2Fspecs%2Fopenid-risc-profile-specification-1_0.html%23opt-out&data=04%7C01%7Ctim.cappalli%40microsoft.com%7Cac6190fef0e648d8722f08d98cc284c2%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637695590818372595%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=LK%2F6M6HQDnEqy9rNOTfQMSxATL7zpwLr6n3MrV%2BeR7g%3D&reserved=0>.


  1.  If a user opts out of RISC events, should they also be opted out of CAEP events?
  2.  Why is Opt Out/In status controlled with events instead of with the stream management API?

Thanks!
Shayne

[https://duo.com/assets/img/email/duo-logo-email-signature.gif] [https://duo.com/assets/img/email/spacer.gif]
Shayne Miel
/ Engineering Technical Leader (he, him, his)


smiel at cisco.com<mailto:smiel at cisco.com>


(919) 923-6230


Duo.com<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fduo.com%2F&data=04%7C01%7Ctim.cappalli%40microsoft.com%7Cac6190fef0e648d8722f08d98cc284c2%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637695590818412569%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=ZxXmQdNHRevUVpBfO2o5A%2FSiey1FpXYhgt8w0BwwRcM%3D&reserved=0>


----------
Duo Security is now part of Cisco<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fduo.com%2Fabout%2Fpress%2Freleases%2Fcisco-completes-acquisition-of-duo-security&data=04%7C01%7Ctim.cappalli%40microsoft.com%7Cac6190fef0e648d8722f08d98cc284c2%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637695590818452547%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=rZFhsl1Kuxgm53gp9uDo5ZGVw9vNKiZayhVukaMz2JY%3D&reserved=0>.


_______________________________________________
Openid-specs-risc mailing list
Openid-specs-risc at lists.openid.net<mailto:Openid-specs-risc at lists.openid.net>
http://lists.openid.net/mailman/listinfo/openid-specs-risc

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20211012/a3b090c0/attachment-0001.html>

More information about the Openid-specs-risc mailing list