>> I believe case #2 can be addressed in the OpenID UI Extension, using a special flag or mode that an RP can pass to the OP to indicate that checkid_setup should be interactive, even if the user had previously approved automatic login for the RPGood point.
On Tue, Jul 7, 2009 at 12:34 PM, Allen Tom <[email protected]> wrote: > Eric Sachs wrote: > >> >> The higher priority requests we get in this area are to support things >> like (1) forcing the user to change their password (such as in cases where >> the RP is pretty sure the user's credentials have been stolen) and (2) >> forcing the user to re-confirm they want their identity shared with the RP >> even if previously asked for this to be done automatically. >> >> I believe case #2 can be addressed in the OpenID UI Extension, using a > special flag or mode that an RP can pass to the OP to indicate that > checkid_setup should be interactive, even if the user had previously > approved automatic login for the RP. > > Allen > >
_______________________________________________ security mailing list [email protected] http://openid.net/mailman/listinfo/security
