Re: [OAUTH-WG] OAuth in the news again....
Bill Mills <wmills_92105@yahoo.com> Tue, 02 December 2014 01:05 UTC
Return-Path: <wmills_92105@yahoo.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 702311ACDF9 for <oauth@ietfa.amsl.com>; Mon, 1 Dec 2014 17:05:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.191
X-Spam-Level: *
X-Spam-Status: No, score=1.191 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, FREEMAIL_REPLYTO_END_DIGIT=0.25, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TWNFi_2BZu-S for <oauth@ietfa.amsl.com>; Mon, 1 Dec 2014 17:05:13 -0800 (PST)
Received: from nm32-vm6.bullet.mail.bf1.yahoo.com (nm32-vm6.bullet.mail.bf1.yahoo.com [72.30.239.142]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 279C21ACDF7 for <oauth@ietf.org>; Mon, 1 Dec 2014 17:05:13 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1417482312; bh=WdbF1ykkikwBE9Hynw6TH0pDzg7ITrqa7NgpIU5kBeE=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:From:Subject; b=HhoOPErWeoYND6ELScmV8fHeDKBetVlXdR9pJnOlv/CtFqCEKDPVFBeOPqsGynDzV9178SVO/5ZTaxFdUS4wqztSkMgs1HS5vyidXjqWCDvNiIDnOIRxASKm0O17EtrBrVKbsUDcN6LppuKu/b9apGr2YswIYaxdL9dD4vU3lACSz/pAbfoyAvKXFv1TsG6ihD6enplcXnTvO/b6d7n6AE7BMdDqtW9NYVq8U4UuTlvTliv0FHKpX4gS80dNLPctE6SZtTh7oL9kt4IZl4tgcWLiflaILPyiAKvh05x9+80e/R6F69LOvP2S/UPFv5YIiDHf711qUfK3zXkhTkh0Zw==
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s2048; d=yahoo.com; b=Qm7bFHc3N6Ap9gLFeT3IJO9bRH7JyvlcQc3oDcRY9Hf2f0VPRbcYt3TgDPr1misAB7ceR17w20WilwGxOy1v2xOxOpVl15NTY/KSd/0muCSmkJFNAxqiJhBXeJrheknE2Rj2m6E02Zibybvfn+M8QUHcHeW28fELXzTpXt6XbDt6SZoJiu6EQLcg+QYVF5IFbGo4T0p8VAxUo3dWCA0xESF145vBTa1hryWmIxGuqWinYqd14pIAirh8oydI+YuvarJ/yOjxABddIJtuni5NE25y/84icbL56niQS2rVOrX1WvghaxLVmKPpDC4cnuXfdJxhnfT+F0W0ulTheyAMYg==;
Received: from [98.139.215.140] by nm32.bullet.mail.bf1.yahoo.com with NNFMP; 02 Dec 2014 01:05:12 -0000
Received: from [98.139.212.192] by tm11.bullet.mail.bf1.yahoo.com with NNFMP; 02 Dec 2014 01:05:11 -0000
Received: from [127.0.0.1] by omp1001.mail.bf1.yahoo.com with NNFMP; 02 Dec 2014 01:05:11 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 855207.24990.bm@omp1001.mail.bf1.yahoo.com
X-YMail-OSG: unkC5rgVM1kNsH42dOceWFzsUqkVJ9jgidfbYrnTecKWyQA1TuhP9S6_1Zwg0Cz vsnrnJD8NR9p9VozGam7F0HylqNFMddq_JnZdKvGn9Bx5m6j4Lz6ZZEHh0iaVYOgAKxYZGBc7cli 6FHQ9QCi2lxsi6enx2lNg4uONguTyv4fkrkK8vvnlzMlgQkX2FtQ2c28Cna15lb23Nhs3rvSV_Sy n31zvvkxhd6jhuSRtaREBbPEtAFulGWCXtZ2uX1EIV41uW06tRK1xuiAsV1vuYjguyHqLoL4D5ZW 9OQS1aDUBcI6J2JibH.dtLv4flrkTG0ETaM8bIAhYyqq_iMHO8mGnBt7tffkS84sktyeJL2x43K0 nnLpV3lci_aeQ58t_ini1_dt7NhWUWiqE.RrrqmOyCeonqr0.8yB.Jucw1gyaxrZLZjkLhvHyG9Z AV_n4Zbr24XvPiIbsMuKFP3HGWxceZemNhGuPEwcZJ8OWan__XevbfvMOCvrFKL9Jr2s8F2nD8nQ-
Received: by 66.196.80.122; Tue, 02 Dec 2014 01:05:11 +0000
Date: Tue, 02 Dec 2014 01:05:11 +0000
From: Bill Mills <wmills_92105@yahoo.com>
To: Nat Sakimura <sakimura@gmail.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>, John Bradley <ve7jtb@ve7jtb.com>
Message-ID: <891996597.3522529.1417482311114.JavaMail.yahoo@jws10677.mail.bf1.yahoo.com>
In-Reply-To: <CABzCy2C_sOP23rjXj-3FtJ5=vU1SKt6pVwS9o9k8VsHUyNwdyg@mail.gmail.com>
References: <547C9669.3060802@gmx.net> <7B8DD27E-A180-4A13-869E-884F01E2DE36@ve7jtb.com> <547CBA40.3080004@gmx.net> <CABzCy2BNSj7-37F9DkTawTBHUn5y98pHv2p0feDO5CM7635L7g@mail.gmail.com> <20822968.1652156.1417481498275.JavaMail.yahoo@jws10602.mail.bf1.yahoo.com> <CABzCy2C_sOP23rjXj-3FtJ5=vU1SKt6pVwS9o9k8VsHUyNwdyg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_Part_3522528_865262420.1417482311109"
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/enjTXYzHb9RlT-iBpY5WcuwZI-0
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] OAuth in the news again....
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: Bill Mills <wmills_92105@yahoo.com>
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Dec 2014 01:05:16 -0000
I think the motion here is going to be social/legal and not standards based. We can preach on this all we want, but in the end folks like the EFF and major privacy watchdogs will carry the water here. On Monday, December 1, 2014 5:02 PM, Nat Sakimura <sakimura@gmail.com> wrote: Indeed, and there are commercial incentives for it. I have doubts about the legal effectiveness of such consent but that is the de-facto situation right now. On the longer run, there are initiatives like information sharing and consent WG at Kantara and ISO/IEC SC 27/WG 5 study group on notice and consent which hopefully would emerge with a better model but that only helps the future and not now. Do you have some suggestions to help the situation in the mean time? On Tue Dec 02 2014 at 9:51:39 Bill Mills <wmills_92105@yahoo.com> wrote: Mis-stated perhaps, but it's highlighting a core problem we punt on at the protocol layer. FB as the example here tries to make teh friction of using a FB login as low as possible, and so the user consent stuff is dialed down to the very minimum of acceptable. This is the common pattern, get a user consent and you're covered legally and then the drive is to make that consent as minimally invasive (read effective) as possible.
- [OAUTH-WG] OAuth in the news again.... Hannes Tschofenig
- Re: [OAUTH-WG] OAuth in the news again.... Kathleen Moriarty
- Re: [OAUTH-WG] OAuth in the news again.... Bill Mills
- Re: [OAUTH-WG] OAuth in the news again.... John Bradley
- Re: [OAUTH-WG] OAuth in the news again.... Phil Hunt
- Re: [OAUTH-WG] OAuth in the news again.... Hannes Tschofenig
- Re: [OAUTH-WG] OAuth in the news again.... Nat Sakimura
- Re: [OAUTH-WG] OAuth in the news again.... Bill Mills
- Re: [OAUTH-WG] OAuth in the news again.... Nat Sakimura
- Re: [OAUTH-WG] OAuth in the news again.... Bill Mills