[Openid-specs-ab] Connect Standard annotated word version
Michael.Jones at microsoft.com
Mon Jun 3 16:58:45 UTC 2013
OK - I'll give you this "SHOULD" if you give me the language proposed in #848 that John signed off on. :-)
Then, subject to other working group input, I think we will have reached closure on all the proposed changes so we can get back to having proposed Implementer's Drafts today again.
From: Nat Sakimura [mailto:sakimura at gmail.com]
Sent: Monday, June 03, 2013 9:16 AM
To: Mike Jones
Cc: openid-specs-ab at lists.openid.net; John Bradley
Subject: Re: Connect Standard annotated word version
Jun 4, 2013 0:34、Mike Jones <Michael.Jones at microsoft.com> wrote:
> As for changing the prompt:consent MUST to a SHOULD, I don’t
> understand the “obvious from other actions” comment,
It is quite well known concept.
For example, when you have ordered something to be delivered to your home, you do not need an explicit consent for it since it is obvious.
Explicit consent really only one of the possible conditions for processing even in EU Data Protection directive.
In Japan, we are even talking of banning unnecessary explicit consent right now in a government committee. A protocol should not step on these legal issues. It MAY say SHOULD but not MUST.
As to Pavlov effect, we are not talking about one RP here. It is potentially thousands of them. An OP should have some room to deal with it in the sense of consumer protection. Again, a protocol should not be prescriptive here. OP should be able not to show the consent dialogue and return an assertion without attributes other than that of authentication event.
More information about the Openid-specs-ab