Closed ianbjacobs closed 2 years ago
Here are some potentially relevant FIDO resources:
FIDO Authenticator Lifecycle Management for IT Administrators https://fidoalliance.org/fido-authenticator-lifecycle-management-for-it-administrators/
White Paper: Enterprise Adoption Best Practices – Managing FIDO Credential Lifecycle for Enterprises https://fidoalliance.org/white-paper-enterprise-adoption-best-practices-managing-fido-credential-lifecycle-for-enterprises/
I've also asked a question in "How to FIDO" https://github.com/fido-alliance/how-to-fido/issues/35
Through a conversation today one idea came up: could the enrollment API take as input from the relying party a URL to a lifecycle management page, so the user can "opt out" some SPC credentials?
I've decided to close this issue in favor of #172
Hi all,
Lawrence Cheng and I were chatting today and he raised an issue I had not yet thought about: unenrollment of SPC credentials. It seems to me there are multiple topics here:
Are the second two necessary? If so, from an API perspective is anything needed? Or is this just "good practice" documentation?
I have not yet looked into what FIDO says about unenrollment. That could be a good starting point.
Ian