[WG-InfoSharing] Things to consider ...
colin_wallis at hotmail.com
Thu Jan 31 21:11:44 EST 2013
Great thoughts Nat
NZ Gov's (Lionel and Colin's..and probably the solution archiect of our consent service, Venkat) ..... see below
Date: Thu, 31 Jan 2013 13:37:51 +0900
From: sakimura at gmail.com
To: wg-infosharing at kantarainitiative.org
Subject: [WG-InfoSharing] Things to consider ...
... for the rechartering.
As I see, Standard label "protocol" has three maturity phases.
ph.1 - Just a text / graphical display. Human readable, but not quite machine readable.
ph.2 - Machine readable structured data version. In this case, the multi-lingual support becomes trivial.
ph.3 - Auto-negotiation between the client and the server. The authorization server / user-agent
stores the user preference and judges if the request falls into "ok" or "ask" category.
In the later case, the user will be prompted to review and give consent.
>From the operational point of view, the labels have to be stored at a trusted archive.
Otherwise, the client may launch an attack to the users by changing the labels and saying
that it was like that all the time and the user gave consent to it.
For this reason, it may be a good practice to have a trusted repository in which the labels are stored,
and the IdP or Apps pulling the label from the repository to show it to the user.
In case of IdP, the IdP can store the fact that the user gave consent at such and such time,
so that it can be compared to the repository.
In case of an App that wants to pull the data from the device, it gets more challenging.
It is probably better to have a local IdP and the Apps to interact with it,
but it is a long way to go.
<<NZ: sure, a long way to go, but we have started the journey. CC'ing in Kantara eGov here because work going on there is starting to cross over here. Take a look at the NZ contribution 'centralized consent service' off this link.
Nat Sakimura (=nat)
Chairman, OpenID Foundation
_______________________________________________ WG-InfoSharing mailing list WG-InfoSharing at kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/wg-infosharing
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the WG-InfoSharing