So, I'm looking at #96, and redefining previous so that it doesn't have a polymorphic value (per #164) seems like it'd knock out two schema-unfriendly birds with one stone (per #146, and following the lead of #149).
Moreover, there are two kinds of "previous password" restrictions that a site can put in place: there's "the last X passwords", as the value is currently defined - but there's also time-based recency (similar to #257), where a site can blacklist passwords used in the last few months (for instance).
As such, I think this field should get split into password.value.blacklist.previous.count and password.value.blacklist.previous.period, where the former is a number, and the latter is a timespan string (where I'm thinking "mo" might be used to represent months in a way that can't be confused with minutes, though I'm also considering having "months" just be represented as a number of days times 30 unless it can be proven that that's not how they're counting months).
This would also open up a more comfortable field for sidestepping the "JSON not having a way to represent Infinity" problem noted in #200, by letting "all the passwords you've ever had" be represented as period: forever instead of a polymorphic value for the count.
So, I'm looking at #96, and redefining
previous
so that it doesn't have a polymorphic value (per #164) seems like it'd knock out two schema-unfriendly birds with one stone (per #146, and following the lead of #149).Moreover, there are two kinds of "previous password" restrictions that a site can put in place: there's "the last X passwords", as the value is currently defined - but there's also time-based recency (similar to #257), where a site can blacklist passwords used in the last few months (for instance).
As such, I think this field should get split into
password.value.blacklist.previous.count
andpassword.value.blacklist.previous.period
, where the former is a number, and the latter is a timespan string (where I'm thinking "mo" might be used to represent months in a way that can't be confused with minutes, though I'm also considering having "months" just be represented as a number of days times 30 unless it can be proven that that's not how they're counting months).This would also open up a more comfortable field for sidestepping the "JSON not having a way to represent
Infinity
" problem noted in #200, by letting "all the passwords you've ever had" be represented asperiod: forever
instead of a polymorphic value for the count.