[Openid-specs-ab] Privacy Considerations
tonynad at microsoft.com
Mon Jul 25 12:51:42 UTC 2011
Can't all this just be left to user info enpoint and what features one wants to provide there?
From: openid-specs-ab-bounces at lists.openid.net [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Nat Sakimura
Sent: Saturday, July 23, 2011 3:02 AM
To: openid-specs-ab at lists.openid.net
Subject: [Openid-specs-ab] Privacy Considerations
I have started to contemplate on the privacy considerations.
Several questions arises:
- When is the purpose of the use of the attribute determined?
-> either the claim request, or the redirect_url registration time.
- Is it not releasing too much information as a default?
- Should not the access log to the UserInfo made accessible to the user?
Nat Sakimura (=nat)
Chairman, OpenID Foundation
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-ab