User Data Rights and Attribute Exchange
Dick Hardt
dick at sxip.com
Fri Nov 10 06:31:23 UTC 2006
Hi David
I don't know the deep details on P3P. It is better now then it was.
I envisioned that a request could include the P3P document, but more
likely include a URL of a standard P3P document.
Microsoft is also looking at looking at how a "P3P like" statement
could be used with CardSpace. Would be useful to coordinate with them.
-- Dick
On 9-Nov-06, at 10:21 PM, Recordon, David wrote:
> So I know in Simple Registration there is the "openid.sreg.policy_url"
> field which is designed to point to a privacy policy about how the RP
> intends to use the user data. I know there is also a working group
> within, I think, Identity Commons looking at user rights agreements.
> One idea that has come up is using P3P policies for a RP to express
> how
> the data they are requesting would be used and stored. This would be
> very easy for an IdP, in a trust request, to show the user this
> data as
> their choosing what information to share.
>
> I personally know very little about P3P, read through the spec
> tonight,
> and also know very little about the work currently happening around
> user
> rights as it relates to this. So those of you that know more than
> I do,
> how do you see this sort of technology becoming a part of whatever
> OpenID Attribute Exchange evolves into?
>
> --David
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
>
More information about the general
mailing list