Difference between revisions of "Change Password"
From MgmtWiki
(→Solutions) |
(→Well-known URIs) |
||
Line 6: | Line 6: | ||
==Solutions== | ==Solutions== | ||
===Well-known URIs=== | ===Well-known URIs=== | ||
+ | * RFC5785 §1.1 Appropriate Use of Well-Known URIs | ||
There are a number of possible ways that applications could use Well- | There are a number of possible ways that applications could use Well- | ||
known URIs. However, in keeping with the Architecture of the World- | known URIs. However, in keeping with the Architecture of the World- | ||
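Review bot: the added bullet on the `+` line names RFC5785 §1.1 as the source, but the paragraph under it ("There are a number of possible ways ...") is still plain body text, so a reader cannot tell that it is quoted from the RFC rather than written by the wiki author. Indent it under the bullet or mark it as a block quote so the attribution visibly covers the quoted passage.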
Line 15: | Line 16: | ||
be evaluated before a resource is accessed, or when using multiple | be evaluated before a resource is accessed, or when using multiple | ||
round-trips is judged detrimental to performance. | round-trips is judged detrimental to performance. | ||
+ | |||
===Change to Browser=== | ===Change to Browser=== | ||
*[https://www.chromestatus.com/feature/6256768407568384 Chrome Platform Status] for A well-known URL for changing passwords. | *[https://www.chromestatus.com/feature/6256768407568384 Chrome Platform Status] for A well-known URL for changing passwords. |
Revision as of 12:00, 6 October 2020
Full Title or Meme
Whenever a security event is discovered, the immediate call to a user is to Change Password.
Context
Users have been inundated with requests to change their password as a sort of magic elixir when the web site doesn't really know what to do. It costs the web site nothing to push the problem onto the user.
Solutions
Well-known URIs
- RFC5785 §1.1 Appropriate Use of Well-Known URIs
There are a number of possible ways that applications could use Well-known URIs. However, in keeping with the Architecture of the World-Wide Web [W3C.REC-webarch-20041215], well-known URIs are not intended for general information retrieval or establishment of large URI namespaces on the Web. Rather, they are designed to facilitate discovery of information on a site when it isn't practical to use other mechanisms; for example, when discovering policy that needs to be evaluated before a resource is accessed, or when using multiple round-trips is judged detrimental to performance.
Change to Browser
- Chrome Platform Status for A well-known URL for changing passwords.
- Editor's Draft A Well-Known URL for Changing Passwords
- chromium Issue 927473: Implement change-password-url ./well-known/change-password-url
- some web dev instructions.
A change password url of an origin is a URL that points to a resource that clients can use to discover where a user should go to update their password on origin.
Given an origin, clients generate a change password url by running these steps:
- If origin is not a potentially trustworthy origin, return failure.
- Assert: origin is a tuple origin.
- Let url be a new URL with values set as follows:
  - scheme: origin’s scheme
  - host: origin’s host
  - port: origin’s port
  - path: « ".well-known", "change-password" »
- Return url.
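The steps above, written out as an added JavaScript example (not code from this wiki page, the specification, or Chromium). The function names `isPotentiallyTrustworthy` and `changePasswordUrl` are hypothetical, and the trustworthiness check is a simplified assumption that accepts only https/wss and loopback hosts rather than the full Secure Contexts algorithm.

```javascript
// Simplified stand-in for "potentially trustworthy origin" (assumption:
// only https/wss schemes and loopback hosts are accepted here).
function isPotentiallyTrustworthy(url) {
  // Opaque origins (data:, file: in Node, etc.) serialize as "null";
  // they are not tuple origins, so they can never qualify.
  if (url.origin === "null") return false;
  if (url.protocol === "https:" || url.protocol === "wss:") return true;
  const host = url.hostname;
  if (host === "localhost" || host.endsWith(".localhost")) return true;
  if (host === "[::1]") return true;
  return /^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(host);
}

// Returns the change password url for the origin of `input`,
// or null where the steps above say "return failure".
function changePasswordUrl(input) {
  let parsed;
  try {
    parsed = new URL(input);
  } catch {
    return null; // not a URL at all, so there is no origin to work from
  }
  // Step 1: reject origins that are not potentially trustworthy.
  if (!isPotentiallyTrustworthy(parsed)) return null;
  // Step 3: keep only scheme, host and port. Building from `origin`
  // discards any path, query, fragment and embedded credentials.
  const url = new URL(parsed.origin);
  url.pathname = "/.well-known/change-password";
  // Step 4: return url.
  return url.href;
}

// Constructed sample inputs (not taken from the page).
const samples = [
  "https://example.com:8443/account?x=1#y",
  "https://user:pw@example.com:443/",
  "http://example.com/",
  "http://localhost:3000/x",
  "data:text/html,hi",
];
for (const s of samples) {
  console.log(s, "->", changePasswordUrl(s));
}
```

Because the result is derived from the origin alone, a client that follows these steps never carries attacker-influenced path, query or credential components into the request for the well-known resource.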