The article is mislead in multiple ways. At its heart, it has nothing to do with the OAuth but the problem of explicit consent model, that people are trained to click "accept". Apparently, she did give her authorization to pull her profile to create Zoosk account. She did the on-the-fly provisioning to Zoosk, but this was "without her knowledge" because she clicked "accept" without reading. This is where consent receipt type of idea becomes more helpful.
Cheers, Nat On Tue Dec 02 2014 at 3:58:28 Hannes Tschofenig <[email protected]> wrote: > Yes, this is the story. Sorry for including the wrong link. > > We can find out what the issue was but that wasn't necessarily my point. > > The problem is that there is unfortunately little understanding about > the different layers and responsibilities involved. I think there is > something to write about and I will compile a first draft. > > Ciao > Hannes > > On 12/01/2014 06:51 PM, John Bradley wrote: > > Hannes, > > > > I think this may be the link you were trying to share. > > http://www.cbc.ca/m/touch/news/story/1.2844953 > > > > I suspect the problem was the profile ID leaking via a ad rather than > anything to do with OAuth > > as she never logged in. > > > > John B. > > > > > >> On Dec 1, 2014, at 1:25 PM, Hannes Tschofenig < > [email protected]> wrote: > >> > >> Hi all, > >> > >> I fear we have to write another article to clarify what OAuth does and > >> what it does not do based on the misinformation spread with this recent > >> article: > >> http://www.techopedia.com/definition/26694/oauth > >> > >> A quote from that article: > >> " > >> Graham Williams, a Vancouver-based technology expert, points to what is > >> known as an "open authentication protocol" — or OAuth — where people > >> often unwittingly share personal information with third-party websites. > >> " > >> > >> Ciao > >> Hannes > >> > >> _______________________________________________ > >> OAuth mailing list > >> [email protected] > >> https://www.ietf.org/mailman/listinfo/oauth > > > > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth >
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
