diff options
author | Lars Wirzenius <liw@liw.fi> | 2019-03-31 18:48:06 +0300 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2019-03-31 18:48:06 +0300 |
commit | c26ee73aafd211365b3b8bb51ca4466887c9617e (patch) | |
tree | edc5ed2b93375423f746090ad2612626a850ec7f | |
parent | 1215bc4bbb8654fdfc9d48cab2440d4674635b30 (diff) | |
download | ick.liw.fi-c26ee73aafd211365b3b8bb51ca4466887c9617e.tar.gz |
Add: requirement that signing keys be rotated, distributed securely
-rw-r--r-- | yuck.mdwn | 3 |
1 files changed, 3 insertions, 0 deletions
@@ -183,6 +183,9 @@ reference in discussions. authentication cannot ever succeed. * (KILLSESSION) It must be possible to kill existing web sessions to kick out someone who is logged in to Yuck. +* (KEYROTATION) The IDP MUST rotate signing keys so that a leaked key + can be easily replaces. The IDP MUST have a secure way to distribute + the key to clients. # Architecture: the ecosystem |