[OpenID] OpenID SREG best practice question
George Fletcher
gffletch at aol.com
Wed Nov 12 18:24:15 UTC 2008
Well... I could see a best practice being that the OP needs to remember
which data has been sent to which RP and allow the user to revoke the
"permanent" consent. Or the "best practice" could be that "consent" is
never permanent and every time the RP asks the user has to approve again
(though previous selections could be remembered).
Thanks,
George
Eric Norman wrote:
> On Nov 12, 2008, at 10:20 AM, George Fletcher wrote:
>
>
>> Hi,
>>
>> I've been re-reading the SREG spec and I'm unsure as to the
>> best/correct
>> behavior in the case that an RP asks for SREG data that the user has
>> already provided/consented to in the past. I see at least 3 options..
>>
>
> Does she have an opportunity to change her mind?
>
> Eric Norman
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
>
More information about the general
mailing list