ietf-openproxy
[Top] [All Lists]

RE: Privacy Considerations (4.5) in opes-authorization-00

2002-10-23 07:21:17

eric,

it seems to me that you have already answered your question.

abbie

-----Original Message-----
From: Eric Burger [mailto:eburger(_at_)snowshore(_dot_)com] 
Sent: Monday, October 21, 2002 10:35 PM
To: OPES Group
Subject: Privacy Considerations (4.5) in opes-authorization-00



How can a user know that the PDP has user profiles so they 
can limit the promulgation of their profile data?


As pointed out in the thread on Authentication Requirements, 
how does the PROTOCOL limit traffic data from being sent to 
third parties?  How does the PROTOCOL know the difference 
between a server run by the service provider and a server run 
by a third party?

In the real world, the user and the service provider enter 
into a trust agreement (outside of the protocol).  Part of 
that agreement is that the service provider can or cannot let 
third parties do work on their behalf. This, again, is 
outside of the protocol.  POLICY dictates whether a service 
provider may or may not send traffic data to third parties.


<Prev in Thread] Current Thread [Next in Thread>