946
edits
Changes
→Requirements
* Service implements OpenID attribute exchange to disclose information we hold (e.g., email address)
* Provide sites with metadata about the strength and properties of the ID:
** First-party sign-in vs federated** Number of associated (verified) federated accounts** User has been been subject to a captcha** Times since last ID verification or captcha
* Todo: determine if strength data disclosure requires user consent
* Todo: determine if we should pass through data from other services (e.g., user's Twitter username)