As part of #1158436: perform security audit, I believe we should allow users to opt out of or blacklist relying parties (RPs).

The best practices recommendations are quite clear on this:

Users should opt-in to allowing checkid_immediate for each RP that they want to automatically sign into. OPs should NOT enable checkid_immediate for RPs that the user had not previously signed into. OPs must allow users to opt-out of checkid_immediate after they have opted in.

So right now we allow users to automatically allow certain RPs (what we call "auto-release"), but we should also auto-deny, because otherwise it means the user can be coerced into leaking information to RPs...

Coming from #396508: Make user/N/openid-sites themable and default to table display.

Comments

paranojik

Please take a look at #314781, as the patch there already allows blacklisting RPs. This issue may be a duplicate.

anarcat

No. This here is different, it is to allow *users* to choose that setting. #314781: Access rules for realms is for admins.

I had this working for a while in this patch (in issue #396508: Make user/N/openid-sites themable and default to table display) but it was introducing a regression... But basically, the idea is to turn the "always, yes, no" into "always, yes, no, never". Similar for the list of sites.
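
The per-user "always, yes, no, never" idea discussed above, sketched as an added example that is not the patch from #396508 or code from the module. The function names, the realm URLs and the exact-match realm lookup are assumptions; it also assumes only "always" and "never" are stored while "yes" and "no" apply to a single request, and uses the OpenID 2.0 response names.

```php
<?php
// Added illustration; all names are hypothetical, not Drupal or module APIs.
const RP_ALWAYS = 'always'; // user opted in: auto-release to this realm
const RP_NEVER  = 'never';  // user opted out: auto-deny this realm

/**
 * Decide how the OP answers an authentication request.
 * $mode is openid.mode: 'checkid_immediate' or 'checkid_setup'.
 * $policies maps realm => stored choice for the logged-in user
 * (assumption: exact string match on the realm, no wildcards).
 * Returns 'id_res', 'setup_needed', 'cancel' or 'prompt'.
 */
function op_decide($mode, $realm, array $policies) {
  $immediate = ($mode === 'checkid_immediate');
  $stored = isset($policies[$realm]) ? $policies[$realm] : null;

  if ($stored === RP_NEVER) {
    // Auto-deny: the user is never asked again and nothing is released.
    return $immediate ? 'setup_needed' : 'cancel';
  }
  if ($stored === RP_ALWAYS) {
    // Explicit opt-in: the only case where checkid_immediate succeeds.
    return 'id_res';
  }
  // No stored choice: an immediate request must fail, because the user
  // has not opted in for this RP; an interactive request shows the form.
  return $immediate ? 'setup_needed' : 'prompt';
}

/** Record the user's answer from the form; "yes"/"no" are not persisted. */
function op_record_choice($realm, $choice, array $policies) {
  if ($choice === RP_ALWAYS || $choice === RP_NEVER) {
    $policies[$realm] = $choice;
  }
  return $policies;
}

// Constructed sample data: three realms with different user answers.
$policies = array('https://rp-a.example/' => RP_ALWAYS);
$policies = op_record_choice('https://rp-b.example/', RP_NEVER, $policies);
$policies = op_record_choice('https://rp-c.example/', 'yes', $policies);

foreach (array('rp-a', 'rp-b', 'rp-c') as $host) {
  $realm = "https://$host.example/";
  foreach (array('checkid_immediate', 'checkid_setup') as $mode) {
    printf("%-22s %-18s => %s\n", $realm, $mode, op_decide($mode, $realm, $policies));
  }
}
```

Opting out after opting in, as the quoted recommendation requires, is then a matter of deleting the stored "always" entry or replacing it with "never".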