[Openid-specs-ab] Privacy Considerations

Anthony Nadalin tonynad at microsoft.com
Mon Jul 25 12:51:42 UTC 2011

Can't all this just be left to user info enpoint and what features one wants to provide there?

From: openid-specs-ab-bounces at lists.openid.net [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Nat Sakimura
Sent: Saturday, July 23, 2011 3:02 AM
To: openid-specs-ab at lists.openid.net
Subject: [Openid-specs-ab] Privacy Considerations


I have started to contemplate on the privacy considerations.

Several questions arises:

- When is the purpose of the use of the attribute determined?
    -> either the claim request, or the redirect_url registration time.
- Is it not a good practice to return the terms of use of the data with it?
- Is it not releasing too much information as a default?
- Should not the access log to the UserInfo made accessible to the user?


Nat Sakimura (=nat)
Chairman, OpenID Foundation

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20110725/94d49654/attachment.html>

More information about the Openid-specs-ab mailing list