Server-to-server channel

McGovern, James F (HTSC, IT) James.McGovern at thehartford.com
Thu Apr 5 15:10:32 UTC 2007 

I would think this would be better solved by leveraging the Oracle
Identity Framework and using components such as AAPML and CARML

Message: 3
Date: Thu, 5 Apr 2007 10:57:22 +0000
From: Vinay Gupta <hexayurt at gmail.com>
Subject: Re: Re[3]: Server-to-server channel
To: Chris Drake <christopher at pobox.com>
Cc: Martin Atkins <mart at degeneration.co.uk>, specs at openid.net
Message-ID: <50552ED4-D7A9-4931-B294-B71AA5F29019 at gmail.com>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed


On having your private data cached: the current web model allows
businesses to simply own your data into a database, correlate it across
multiple databases (doubleclick) and so on.

I think that to expect them to give up this privilege (and revenue
stream from targeted advertising) is unrealistic, and caching OpenID
data is necessary for them to do so.

Therefore, I'd suggest that OpenID examines the various schemes for
providing a "Terms of Service" **from the user end** on access to
personal data: "by accessing my address, you attest that you will not  
1> store it for more than 30 days after our business transaction is
complete, 2> share it with anybody else" and so on. I seem to remember
that somebody had a language for expressing those kinds of privacy
preferences in a machine readable form but I'm not having any luck
remembering who it was...

Possibly the XRI folks know?

At least at that point, users can use the penalty clause on that
"shrinkwrap license" on their personal data to sue scumbags ("and if you
break these rules, you pay me $500.") HIPPA may also help.

Vinay


*************************************************************************
This communication, including attachments, is
for the exclusive use of addressee and may contain proprietary,
confidential and/or privileged information.  If you are not the intended
recipient, any use, copying, disclosure, dissemination or distribution is
strictly prohibited.  If you are not the intended recipient, please notify
the sender immediately by return e-mail, delete this communication and
destroy all copies.
*************************************************************************

More information about the specs mailing list