[Openid-specs-ab] [openid-specs-rande] You should read Torsten's proposal

Torsten Lodderstedt torsten at lodderstedt.net
Sat May 11 05:21:58 UTC 2019


Hi Nick,

> Am 10.05.2019 um 23:02 schrieb Nick Roy <nroy at internet2.edu>:
> 
> This is excellent.
> 
Thanks :-)
> My only comment is in relation to section 10, "Privacy Consideration":
> 
> The document notes: "OP and RP MUST establish a legal basis before exchanging any personally identifiable information."
> 
> Does membership in a multilateral federation, where both parties have signed a participation agreement with the federation (but not each other) constitute a legal basis for the exchange? What about a situation where an OP is in one federation, and has signed its participation agreement, the RP is in another federation, and has signed its participation agreement, and the operators of both federations have signed an interfederation agreement with a party such as eduGAIN?
> 
Ultimately, this question needs to be answered by a lawyer.

I think in the EU the user would need to agree the the data transfer as well. That could happen via a user consent embedded in the flow or as part of the terms of service with the OP, the user accepts when registering. 

best regards,
Torsten.
> Thank you,
> 
> Nick
> 
> On 8 May 2019, at 8:34, Torsten Lodderstedt wrote:
> 
> Sounds good ;-)
> 
> Look forward to getting you feedback.
> 
> @Roland: thanks for your announcement.
> 
>> Am 08.05.2019 um 16:11 schrieb Nick Roy <nroy at internet2.edu>:
>> 
>> Thanks! I talked with Torsten about this at IIW last fall, glad to see it moving along. I will review.
>> 
>> Best,
>> 
>> Nick
>> 
>> On 8 May 2019, at 1:36, Roland Hedberg wrote:
>> 
>> Hi!
>> 
>> For those who have missed the announcement.
>> 
>> From the abstract:
>> 
>> "This specification defines an extension of OpenID Connect for providing Relying Parties with verified person data. 
>> This extension is intended to be used to verify the identity of a person in compliance with a certain law."
>> 
>> https://openid.net/specs/openid-connect-4-identity-assurance-02.html
>> 
>> — Roland
>> Scratch a pessimist and you find often a defender of privilege. -William Beveridge, economist and reformer (5 Mar 1879-1963) 
>> 
>> -- 
>> openid-specs-rande mailing list
>> openid-specs-rande at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-rande
>> 
>> -- 
>> openid-specs-rande mailing list
>> openid-specs-rande at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-rande
> 
> -- 
> openid-specs-rande mailing list
> openid-specs-rande at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-rande
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20190511/2fe20206/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3711 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20190511/2fe20206/attachment-0001.p7s>


More information about the Openid-specs-ab mailing list