[Openid-specs-ab] assurance and purpose of use statement.
Tom Jones
thomasclinganjones at gmail.com
Wed Mar 20 22:02:52 UTC 2019
That's a good guess. Perhaps it needs to be articulated in the core std if
true. Does anyone have a better definition?
Peace ..tom
On Wed, Mar 20, 2019 at 2:41 PM Nick Roy <nroy at internet2.edu> wrote:
> Isn’t the purpose of use statement what the OP is required to display to a
> user before they consent to release the data?
>
> Nick
>
> On 20 Mar 2019, at 15:37, Tom Jones via Openid-specs-ab wrote:
>
> I was thinking about the assurance doc and privacy considerations. I found
> the following in the core OIDC doc and several others. Its meaning is not
> clear to me; *purpose of use* seems not to be defined anywhere and not a
> current term of art. Does anyone have any back story on this section? If
> not I might try to word it in terms of EU and CA legislation.
>
> 17.1. Personally Identifiable Information
>
> The UserInfo Response typically contains Personally Identifiable
> Information (PII). As such, End-User consent for the release of the
> information for the specified purpose should be obtained at or prior to the
> authorization time in accordance with relevant regulations. The purpose of
> use is typically registered in association with the redirect_uris.
>
> Only necessary UserInfo data should be stored at the Client and the Client
> SHOULD associate the received data with the purpose of use statement.
> Peace ..tom
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab