[Txauth] User consent
Tom Jones <thomasclinganjones@gmail.com> Fri, 10 July 2020 18:43 UTC
Return-Path: <thomasclinganjones@gmail.com>
X-Original-To: txauth@ietfa.amsl.com
Delivered-To: txauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CD7983A083E for <txauth@ietfa.amsl.com>; Fri, 10 Jul 2020 11:43:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CKvDtvfsqvlQ for <txauth@ietfa.amsl.com>; Fri, 10 Jul 2020 11:43:19 -0700 (PDT)
Received: from mail-oi1-x233.google.com (mail-oi1-x233.google.com [IPv6:2607:f8b0:4864:20::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4073C3A083D for <txauth@ietf.org>; Fri, 10 Jul 2020 11:43:19 -0700 (PDT)
Received: by mail-oi1-x233.google.com with SMTP id l63so5564364oih.13 for <txauth@ietf.org>; Fri, 10 Jul 2020 11:43:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=Pr1cU2IA6e7DAPC1kNpaVa1Av5f1NTlLE0htLQ7Hnx0=; b=BuOIjx6alNq9yX6HOWpdhGe9k+lbu/29BVdtaTt50BNbt+jHjI6Xy+XzPTFQn6jowS w1aj9xU3RRyWhwkXsKN4btaSy9dm3dPv3jLurzapn1RMBOH4hngiZ2H9vtd1/eFH3UAU 1X3cTsue5jVaR7Vm8syLWkOGhjLi2PGrOD2b/nvjU7GDOYfSWsah4xPo1cvauWawWBoU YGN8k1OK91KFGPN/ngm1W7Qwcbsj4PLyEQqd83If0kcq7MCFi5WAbaabm/y+UpdYr5CQ E3B6BQwdsB7aFjftlZeNvas/6kdBj5KB+N/0B2tNDE0RQQ2DIbQAQeIJW6JjK18GIrwm La4w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=Pr1cU2IA6e7DAPC1kNpaVa1Av5f1NTlLE0htLQ7Hnx0=; b=Ob5qlPW3xByeb3AWFh9Mwx8p9gGFcBodh2VftcALLNiUU0dFzZHZbia6xdMeeUdgxj 6GHRTieMR1ggKlBqi0JPcm9fj9utXBUbZ2Ax5IiOx43xsphW20NF7mPT9H/HEPUSrhos YjwrkABAM3IqeB+V75bgpbk4fx+sPM07Y5wU20p70EeGG7Xv4XWraVRgxvEftIkXq+WT I1HlnN/oXYIFaHRVmIdR2/aiN7LyqEMt9F8OgiLYB/vTaGMUwYKue9N0/eecbjHnXhL7 KcQM0kuw9Bu25cCchpN+lHYaJQeXYhmGkPw5ExawZKYAd+b22kSJS1PDTfbZIYQKhBVA SCGA==
X-Gm-Message-State: AOAM530LWCTxFIl57uWhJqbWe2+lujy58ldpxMwuGmzxcwoBC36TuzBH L3bTHHuUhg3c2DvcCX8F2AtgzOiuvVQrl2u3swVFXw==
X-Google-Smtp-Source: ABdhPJyuWg4EtbGvWhc9XiRP9jm35ZwKQRi8VttDfyTAn84eLIuzvpXgC5nqDXK6rpVn0+ZwzMFUUCArUqrgr2rMIZs=
X-Received: by 2002:aca:aa57:: with SMTP id t84mr5349639oie.131.1594406597940; Fri, 10 Jul 2020 11:43:17 -0700 (PDT)
MIME-Version: 1.0
From: Tom Jones <thomasclinganjones@gmail.com>
Date: Fri, 10 Jul 2020 11:43:06 -0700
Message-ID: <CAK2Cwb6m44GgTT8ZHtrz0=RcAJRSePD3nxaxDTzMS69bja-=Hg@mail.gmail.com>
To: txauth@ietf.org
Content-Type: multipart/alternative; boundary="000000000000e5db6a05aa1ab65b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/fdAagN6tox3ie0tImlu_-O0y1Ps>
Subject: [Txauth] User consent
X-BeenThere: txauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <txauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/txauth>, <mailto:txauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/txauth/>
List-Post: <mailto:txauth@ietf.org>
List-Help: <mailto:txauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/txauth>, <mailto:txauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Jul 2020 18:43:21 -0000
Dick said: >From a privacy perspective in non-enterprise use cases, I think the user should give consent to any updated personal information to a client. In general, the client should not be able to get the latest information about a user whenever it wants. My statement about user consent from kantara perspective: The above statement is not machine proccessible. This can only be fixed if the as or rs knows what the user consented to. One element of consent needs to be the expiration time. Could this group create the minimum viable consent? U thx ..Tom (mobile)
- [Txauth] User consent Tom Jones
- Re: [Txauth] User consent Dick Hardt
- Re: [Txauth] User consent Tom Jones