[Openid-specs-ab] Privacy Considerations
John Bradley
ve7jtb at ve7jtb.com
Sat Jul 23 11:13:31 UTC 2011
I don't know that it is practical to register purpose of use at registration.
I was thinking that that would eventually become part of the claim request meta-data, along with value and required trust framework etc.
It makes the request larger but is more flexible.
The other place to list that would be in some third party certified meta-data.
I could see checking with a meta-data repository if a RP is certified for EU safe harbour, and what attributes they are approved to collect.
That is sort of what Germany is doing now with there EID.
John
On 2011-07-23, at 4:02 AM, Nat Sakimura wrote:
> Hi.
>
> I have started to contemplate on the privacy considerations.
>
> Several questions arises:
>
> - When is the purpose of the use of the attribute determined?
> -> either the claim request, or the redirect_url registration time.
> - Is it not a good practice to return the terms of use of the data with it?
> - Is it not releasing too much information as a default?
> - Should not the access log to the UserInfo made accessible to the user?
>
> Best,
>
> --
> Nat Sakimura (=nat)
> Chairman, OpenID Foundation
> http://nat.sakimura.org/
> @_nat_en
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20110723/d67349ee/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4767 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20110723/d67349ee/attachment.p7s>
More information about the Openid-specs-ab
mailing list