<div dir="ltr">That's a good guess. Perhaps it needs to be articulated in the core std if true. Does anyone have a better definition?<div><br clear="all"><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div>Peace ..tom</div></div></div></div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Mar 20, 2019 at 2:41 PM Nick Roy <<a href="mailto:nroy@internet2.edu">nroy@internet2.edu</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><u></u>
<div>
<div style="font-family:sans-serif"><div style="white-space:normal"><p dir="auto">Isn’t the purpose of use statement what the OP is required to display to a user before they consent to release the data?</p>
<p dir="auto">Nick</p>
<p dir="auto">On 20 Mar 2019, at 15:37, Tom Jones via Openid-specs-ab wrote:</p>
</div>
<blockquote style="border-left:2px solid rgb(119,119,119);color:rgb(119,119,119);margin:0px 0px 5px;padding-left:5px"><div id="gmail-m_-797555061925778816074C226B4-A60D-4BC3-BE83-23234D299A29"><div dir="ltr">I was thinking about the assurance doc and privacy considerations. I found the following in the core OIDC doc and several others. Its meaning is not clear to me; <u>purpose of use</u> seems not to be defined anywhere and not a current term of art. Does anyone have any back story on this section? If not, I might try to word it in terms of EU and CA legislation.<div><br></div><div><h3 style="font-family:helvetica,monaco,"MS Sans Serif",arial,sans-serif;color:rgb(51,51,51);background-color:transparent">17.1. Personally Identifiable Information</h3><p style="margin-left:2em;margin-right:2em;color:rgb(0,0,0);font-family:verdana,charcoal,helvetica,arial,sans-serif">The UserInfo Response typically contains Personally Identifiable Information (PII). As such, End-User consent for the release of the information for the specified purpose should be obtained at or prior to the authorization time in accordance with relevant regulations. The purpose of use is typically registered in association with the <tt style="color:rgb(0,51,102);font-family:"Courier New",Courier,monospace">redirect_uris</tt>.</p><p style="margin-left:2em;margin-right:2em;color:rgb(0,0,0);font-family:verdana,charcoal,helvetica,arial,sans-serif">Only necessary UserInfo data should be stored at the Client and the Client SHOULD associate the received data with the purpose of use statement.</p><div><div dir="ltr" class="gmail-m_-7975550619257788160gmail_signature"><div dir="ltr"><div>Peace ..tom</div></div></div></div></div></div></div></blockquote>
<div style="white-space:normal"><blockquote style="border-left:2px solid rgb(119,119,119);color:rgb(119,119,119);margin:0px 0px 5px;padding-left:5px">
</blockquote><blockquote style="border-left:2px solid rgb(119,119,119);color:rgb(119,119,119);margin:0px 0px 5px;padding-left:5px"><p dir="auto">_______________________________________________<br>
Openid-specs-ab mailing list<br>
<a href="mailto:Openid-specs-ab@lists.openid.net" target="_blank">Openid-specs-ab@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab" style="color:rgb(119,119,119)" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a></p>
</blockquote></div>
</div>
</div>
</blockquote></div>