- edited description
Security Considerations
I've opened this issue so we can get any additional security considerations into the draft. From the user_code issue we have the following:
- user_code should not be stored by the RP
- The OP should provide a method for the user to change the user_code
(are these security considerations or should they go into the user_code section of the spec)
Comments (7)
-
reporter -
reporter user_code MUST NOT be stored by the RP
-
reporter we agreed to make the first point a MUST NOT and keep the second as a SHOULD. We discussed making the wording more explicit in the first one, i.e. the RP MUST ask the user for the user-code each time.
I will propose wording for this. We also agreed that this should be in the main
user_code
section rather than in the security considerations -
reporter -
assigned issue to
-
assigned issue to
-
reporter -
Merged pull request
#52I think this can be resolved @dgtonge, if the "2 extra clauses to the user code section" are all that were still needed?
-
reporter - changed status to resolved
2 clauses agreed and have been added
- Log in to comment