[Openid-specs-ab] Privacy Considerations
Anthony Nadalin
tonynad at microsoft.com
Mon Jul 25 12:51:42 UTC 2011
Can't all this just be left to user info enpoint and what features one wants to provide there?
From: openid-specs-ab-bounces at lists.openid.net [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Nat Sakimura
Sent: Saturday, July 23, 2011 3:02 AM
To: openid-specs-ab at lists.openid.net
Subject: [Openid-specs-ab] Privacy Considerations
Hi.
I have started to contemplate on the privacy considerations.
Several questions arises:
- When is the purpose of the use of the attribute determined?
-> either the claim request, or the redirect_url registration time.
- Is it not a good practice to return the terms of use of the data with it?
- Is it not releasing too much information as a default?
- Should not the access log to the UserInfo made accessible to the user?
Best,
--
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20110725/94d49654/attachment.html>
More information about the Openid-specs-ab
mailing list