That's a good point. Is it fair to assume that W3C owns the standards for most (if not all) standards related to Identity Providers? Or does it make sense for IETF to start setting these standards in cases where W3C standards don't exist?
- Kevat On Mon, Aug 9, 2021, 2:56 PM Tim Cappalli <tim.cappa...@microsoft.com> wrote: > I believe this topic would be more W3C scope, not IETF. > > tim > ------------------------------ > *From:* OAuth <oauth-boun...@ietf.org> on behalf of Kevat Shah < > kevats...@gmail.com> > *Sent:* Sunday, August 8, 2021 16:37 > *To:* oauth@ietf.org <oauth@ietf.org> > *Subject:* [OAUTH-WG] Specifications for Identity Providers > > Some people who received this message don't often get email from > kevats...@gmail.com. Learn why this is important > <http://aka.ms/LearnAboutSenderIdentification> > I propose that we expand upon specific functionality provided by Identity > Providers (IdPs) and tasks handled by them. > > To start with, there should be clear specifications for various > functionalities that IdPs provide such as: > > - Email verification on registration > - Specifications regarding "forgot password" functionality > - Specifications regarding "resest password" functionality for users that > are logged in > > > These specifications only pertain to Identity Providers, and allow an > industry-wide set of rules that each Identity Provider must follow. The > purpose of doing so would be to standardize various frequently used and > implemented flows that are secure and widely reusable. > > > > Some problems that would be addressed by these specifications would be: > > - How to securely implement functionality where a user is sent a link to > verify their email address > > - How to securely implement functionality where a user is sent a > verification code to verify their email address > > - How to securely implement functionality where a user is sent a link to > reset their password > > - How to securely implement functionality where a user is sent a > verification code to reset their password > > > >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
