Re: [OAUTH-WG] OAuth in the news again....
Nat Sakimura <sakimura@gmail.com> Tue, 02 December 2014 01:02 UTC
References: <547C9669.3060802@gmx.net> <7B8DD27E-A180-4A13-869E-884F01E2DE36@ve7jtb.com> <547CBA40.3080004@gmx.net> <CABzCy2BNSj7-37F9DkTawTBHUn5y98pHv2p0feDO5CM7635L7g@mail.gmail.com> <20822968.1652156.1417481498275.JavaMail.yahoo@jws10602.mail.bf1.yahoo.com>
From: Nat Sakimura <sakimura@gmail.com>
Date: Tue, 02 Dec 2014 01:02:44 +0000
Message-ID: <CABzCy2C_sOP23rjXj-3FtJ5=vU1SKt6pVwS9o9k8VsHUyNwdyg@mail.gmail.com>
To: Bill Mills <wmills_92105@yahoo.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>, John Bradley <ve7jtb@ve7jtb.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/CwIqbywPHTRZdJorqYLxUqGYKO0
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] OAuth in the news again....
Indeed, and there are commercial incentives for it. I have doubts about the legal effectiveness of such consent, but that is the de facto situation right now.

In the longer run, there are initiatives like the information sharing and consent WG at Kantara and the ISO/IEC SC 27/WG 5 study group on notice and consent, which hopefully would emerge with a better model, but that only helps the future and not now.

Do you have some suggestions to help the situation in the meantime?

On Tue Dec 02 2014 at 9:51:39 Bill Mills <wmills_92105@yahoo.com> wrote:

> Mis-stated perhaps, but it's highlighting a core problem we punt on at the
> protocol layer. FB as the example here tries to make the friction of using
> a FB login as low as possible, and so the user consent stuff is dialed down
> to the very minimum of acceptable. This is the common pattern, get a user
> consent and you're covered legally and then the drive is to make that
> consent as minimally invasive (read effective) as possible.