[Wg-p3] Consent anti-patterns

Paul Madsen paulmadsen at rogers.com
Wed Oct 7 15:06:40 EDT 2009


The OAuth community likes to refer to the 'password anti-pattern', i.e. 
the existing model of requiring users to provide their non-local passwords 
to a site that then requests identity attributes of another.

I wonder if a relevant piece of work for P3 would be to collect 'consent 
anti-patterns', i.e. ill-advised UI mechanisms and sequences for 
collecting/managing consent that are seen in the wild.

Off-hand, I can think of

- providing insufficient granularity
- providing insufficient justification
- providing no graceful fallback
- providing insufficient support for management
- etc

Collecting the many ways in which consent is 'done' poorly might help 
define guidelines for doing it well. Collecting instances might be 
cathartic as well....

Regards

Paul

-- 
Paul Madsen
e:paulmadsen @ ntt-at.com
m:613-282-8647
web:connectid.blogspot.com