[Openid-specs-ab] assurance and purpose of use statement.

Tom Jones thomasclinganjones at gmail.com
Wed Mar 20 21:37:39 UTC 2019


I was thinking about the assurance doc and privacy considerations. I found
the following in the core OIDC doc and several others. Its meaning is not
clear to me; *purpose of use* seems not to be defined anywhere and is not a
current term of art. Does anyone have any back story on this section? If
not, I might try to word it in terms of EU and CA legislation.

17.1.  Personally Identifiable Information

The UserInfo Response typically contains Personally Identifiable
Information (PII). As such, End-User consent for the release of the
information for the specified purpose should be obtained at or prior to the
authorization time in accordance with relevant regulations. The purpose of
use is typically registered in association with the redirect_uris.

Only necessary UserInfo data should be stored at the Client and the Client
SHOULD associate the received data with the purpose of use statement.

Peace ..tom