search

teamforus / me

App for managing identity, assets and records
3 stars 2 forks source link

RFC : Logging out and Inactivity MEapp #16

Closed TomForus closed 6 years ago

TomForus commented 6 years ago

Logging out and Inactivity MEapp

Description

This issue has been made to discuss the possibilities considering logging out and inactivity of the MEapp.

Functional Design (Enhancement)

  1. What should happen when a user is inactive for a X amount of time?
  2. How long should it take before the inactive user gets logged out?
  3. What should happen when the user is logging out?
  4. How can we do the implementation of these issues?

User Story: This RFC should make it possible to create consensus about how and when a user logs out when he or she is inactive for an X amount of time.

Adittions

Attendants of the meeting considering this issue: @maartenfv @martijndoornik @maxvisser @danrminds @dev-weget

jamalv commented 6 years ago

Since this is the account you use to potentially log in to your other accounts, and since you need delegates to sign in, logging out seems like a bad idea. A lot of the day-to-day security is done by the operating system; you need to log in to the phone, and the phone is probably secured.

jamalv commented 6 years ago

Logging out (deleting the app) is the same as losing your device, or it getting stolen. You will need help of your delegates to restore it.

Another question is the permanent deletion of an identity. This seems like a pretty bad idea, but maybe we need to enable it to comply with the law and allow for edge cases.

maxvisser commented 6 years ago

In my opinion we could let the user deactivate his or her wallet. Basically keeping all stored data/keys. The account should then be locked with a password because when you reactivate your account it needs somekind of authorization.

TomForus commented 6 years ago

Why isn't their anyone assigned to this Issue? I can't assign anyone at the moment. @jamalv Can you assign someone?

jamalv commented 6 years ago

@tom At this moment this issue is not actively being worked on, and in my eyes it is not immediately relevant. I will assign it when it becomes more urgent.

TomForus commented 6 years ago

It is in my personal issues. Any possibility that it will not be in my personal issue list?

maxvisser commented 6 years ago

@jamalv What do you think about this issue. Do we want to answer these questions for the me app of august?

MaartenForus commented 6 years ago

Any updates on this one? @jamalv @maxvisser

In terms of logging out what do we exactly mean by this?

Is re-entering your pincode logging out or is that vergrendelen van het account?

jamalv commented 6 years ago

First version of the me app will be running on our servers, allowing us to offer traditional login-logout functionality, when moving to self-sovereign identity with keys on device this model will change.

Closing the issue for now.