diff options
-rw-r--r-- | yuck.mdwn | 3 |
1 files changed, 3 insertions, 0 deletions
@@ -183,6 +183,9 @@ reference in discussions. authentication cannot ever succeed. * (KILLSESSION) It must be possible to kill existing web sessions to kick out someone who is logged in to Yuck. +* (KEYROTATION) The IDP MUST rotate signing keys so that a leaked key + can be easily replaces. The IDP MUST have a secure way to distribute + the key to clients. # Architecture: the ecosystem |