[OpenID] About Facebook, MySpace and OpenID
Rabbit
rabbit at cyberpunkrock.com
Sat Apr 4 01:07:11 UTC 2009
On Apr 3, 2009, at 6:05 PM, SitG Admin wrote:
>> Internal service updates and service activity updates can be RSS
>> feeds the user subscribes to (or the OP displays to the user when
>> the user logs in).
>
> Idle thought - what if the user (or RP) has information to transfer
> to the user but doesn't want any of the OP's to see that data? Could
> that RP or another, through OAuth (which, it should be noted, I
> scarcely understand), get *permission* to display the data, through
> the OP('s), and then display this for the user?
>
> -Shade
It would be simple if the RP provides users the option on what
information should be published. The OP would then have a drop box
style endpoint where information can be published but only the owner
can read it. That would eliminate the need for permission checks.
This makes more sense because:
* RP has information and you decide what should be published
* OP receives information and you decide what should be displayed
Users should choose an OP they trust. From an e-mail perspective your
question reads "what if an RP wants to send example at gmail.com a
message but doesn't want gmail to see it?"
=Rabbit
More information about the general
mailing list