User Data Rights and Attribute Exchange
Recordon, David
drecordon at verisign.com
Fri Nov 10 06:21:08 UTC 2006
So I know in Simple Registration there is the "openid.sreg.policy_url"
field which is designed to point to a privacy policy about how the RP
intends to use the user data. I know there is also a working group
within, I think, Identity Commons looking at user rights agreements.
One idea that has come up is using P3P policies for a RP to express how
the data they are requesting would be used and stored. This would be
very easy for an IdP, in a trust request, to show the user this data as
their choosing what information to share.
I personally know very little about P3P, read through the spec tonight,
and also know very little about the work currently happening around user
rights as it relates to this. So those of you that know more than I do,
how do you see this sort of technology becoming a part of whatever
OpenID Attribute Exchange evolves into?
--David
More information about the general
mailing list