- changed status to open
BK DISCUSS: Consent and collection minimization
Issue #102
resolved
The introduction notes as an advantage of JWT that:
(d) (collection minimization) The request can be signed by a third
party attesting that the authorization request is compliant with
a certain policy. For example, a request can be pre-examined by
a third party that all the personal data requested is strictly
necessary to perform the process that the end-user asked for,
and statically signed by that third party. The authorization
server then examines the signature and shows the conformance
status to the end-user, who would have some assurance as to the
legitimacy of the request when authorizing it. In some cases,
it may even be desirable to skip the authorization dialogue
under such circumstances.
I'm pretty uncomfortable about suggesting that the authorization
dialogue can/should be skipped; do we need to keep this example?
We could remove it for now, as it is nothing normative, though I have to point out that it is well understood in the privacy community that relying on “user consent” is a very very bad idea.
Comments (3)
reporter - changed status to resolved
fixed
#102 BK DISCUSS: Consent and collection minimization → <<cset 2ad29a0c8d26>>