Re: Identity providers as first parties

Shane, Kimon, 

On Thursday 14 June 2012 16:47:03 Shane Wiley wrote:
> I’ve used a few others and they appears to do the same so I’m
> confused as to what real-world identity provider scenario someone
> is considering where consent wasn’t already obtained?

I confirm that we agreed that the out-of-band agreement will trump 
the DNT:1 signal. We also agreed that the service has to signal this 
to the client. 

I guess, what Rob is trying to achieve is to say, even in this 
context, a service could offer the choice of stopping to track and 
only use information for the login/authentication purpose. This 
could be the meaning of DNT:1 if the Service sends ACK in a 
login/authentication context. If you're looking for medical 
information in a login context, you don't want your login provider 
to spawn that to your insurance. I think this is a very legitimate 
use case. The service could say: "yes, I see your point" and send 
ACK instead of "out-of-band". 

We are just defining switches. People will decide whether they 
switch stuff on or off or provide a switch at all.


Received on Friday, 15 June 2012 08:28:45 UTC