[OpenID] OpenID and the COPPA
David Recordon
drecordon at sixapart.com
Wed Apr 2 00:03:47 UTC 2008
Hey Brendon,
Would this not be dealt with at the OpenID Provider (assuming US law)
where they first would ask the user if they are over 13 years of age
before storing information to use in SREG or AX? Not saying that is
the entire answer, but in many cases it might hold true. A RP could
also theoretically ask the user if they are 13 on the return trip
from the OP before creating a user account.
--David
On Apr 1, 2008, at 2:52 PM, Brendon J. Wilson wrote:
> Hi all,
>
> I'm curious if anyone has given any thought to the possible
> ramifications of COPPA (the Child Online Privacy and Protection Act)
> on the proliferation of OpenID? My understanding is that COPPA
> requires service providers to obtain permission from a parent to
> collect, disclose, etc information from a child less than 13 years of
> age. It appears to me that the Simple Registration Extension would
> qualify as disclosure of the user's personal information, and hence a
> relying party would need some way to confirm a user's age and parental
> permission prior to, or perhaps as part of, allowing an underage user
> to authenticate via OpenID?
>
> Brendon
> ---
> Brendon J. Wilson
> www.brendonwilson.com
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
More information about the general
mailing list