From 935473a117177545b1802c6d334b5db4ad9f2956 Mon Sep 17 00:00:00 2001 From: Lars Wirzenius Date: Sun, 19 May 2019 12:45:42 +0300 Subject: Change: KILLSESSION requirement to be about individual sessions --- yuck.mdwn | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/yuck.mdwn b/yuck.mdwn index 5cb86ed..5c3b7c3 100644 --- a/yuck.mdwn +++ b/yuck.mdwn @@ -216,8 +216,8 @@ reference in discussions. an end-user or an API client) so that it still exists, but authentication cannot ever succeed. -* (KILLSESSION) It must be possible to kill existing web sessions to - kick out someone who is logged in to Yuck. +* (KILLSESSION) It must be possible to kill existing individual web + sessions to kick out someone who is logged in to Yuck. * (KEYROTATION) The IDP MUST rotate signing keys so that a leaked key can be easily replaces. The IDP MUST have a secure way to distribute -- cgit v1.2.1