OpenID Provider Commands for account lifecycle

[dickhardt]

Since trust in an OP is part of the model here, a new OpenID Foundation spec could help with account lifecycle at some point.

https://openid.github.io/openid-provider-commands/main.html

Access to SSH on machines could then be managed centrally using activate and delete and there is also unauthorize that would kill any active sessions for a given user.

[EthanHeilman]

Thanks for this, it sounds like adding support for this could be very valuable. Do you know how widely deployed this is at OPs?

[dickhardt]

Not deployed at all at this time! ... we are just at the -00 draft -- but would love to get input that would ensure it supported this use case (I'm one of the authors)

[EthanHeilman]

Let me read it over and get back to you. It sounds like it would be very useful for opkssh