[Openid-specs-fapi] Issue #318: Privacy consideration - "replay of long term grants at AS" (openid/fapi)
issues-reply at bitbucket.org
Wed Sep 23 14:55:15 UTC 2020
New issue 318: Privacy consideration - "replay of long term grants at AS"
Discussion under consent here: [https://bitbucket.org/openid/fapi/pull-requests/187](https://bitbucket.org/openid/fapi/pull-requests/187)
We have this clause: “should clearly identify long-term grants to the user during authorization as in 16.18 of [OIDC](https://openid.net/specs/openid-connect-core-1_0.html); and”
But there is a suggestion that we have something in the privacy considerations, maybe….
> \(Data misidentification by User at RP\) User could misunderstand the data they are releasing to the RP, so best practice is for the AS to make clear what data will be released to the RP.
I’m not happy with the wording, but its a start.
Responsible: Dave Tonge
More information about the Openid-specs-fapi