[Openid-specs-fapi] Issue #318: Privacy consideration - "replay of long term grants at AS" (openid/fapi)

dgtonge issues-reply at bitbucket.org
Wed Sep 23 14:55:15 UTC 2020


New issue 318: Privacy consideration - "replay of long term grants at AS"
https://bitbucket.org/openid/fapi/issues/318/privacy-consideration-replay-of-long-term

Dave Tonge:

Discussion under consent here: [https://bitbucket.org/openid/fapi/pull-requests/187](https://bitbucket.org/openid/fapi/pull-requests/187)

We have this clause: “should clearly identify long-term grants to the user during authorization as in 16.18 of [OIDC](https://openid.net/specs/openid-connect-core-1_0.html); and”

But there is a suggestion that we have something in the privacy considerations, maybe….

> (Data misidentification by User at RP) User could misunderstand the data they are releasing to the RP, so best practice is for the AS to make clear what data will be released to the RP.

I’m not happy with the wording, but it’s a start.

Responsible: Dave Tonge

