I think the motion here is going to be social/legal and not standards based.
We can preach on this all we want, but in the end folks like the EFF and major
privacy watchdogs will carry the water here.
On Monday, December 1, 2014 5:02 PM, Nat Sakimura <sakim...@gmail.com>
wrote:
Indeed, and there are commercial incentives for it.
I have doubts about the legal effectiveness of such consent but that is the
de-facto situation right now. On the longer run, there are initiatives like
information sharing and consent WG at Kantara and ISO/IEC SC 27/WG 5 study
group on notice and consent which hopefully would emerge with a better model
but that only helps the future and not now.
Do you have some suggestions to help the situation in the mean time?
On Tue Dec 02 2014 at 9:51:39 Bill Mills <wmills_92...@yahoo.com> wrote:
Mis-stated perhaps, but it's highlighting a core problem we punt on at the
protocol layer. FB as the example here tries to make teh friction of using a
FB login as low as possible, and so the user consent stuff is dialed down to
the very minimum of acceptable. This is the common pattern, get a user consent
and you're covered legally and then the drive is to make that consent as
minimally invasive (read effective) as possible.
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
