Indeed, and there are commercial incentives for it. I have doubts about the legal effectiveness of such consent but that is the de-facto situation right now. On the longer run, there are initiatives like information sharing and consent WG at Kantara and ISO/IEC SC 27/WG 5 study group on notice and consent which hopefully would emerge with a better model but that only helps the future and not now.
Do you have some suggestions to help the situation in the mean time? On Tue Dec 02 2014 at 9:51:39 Bill Mills <[email protected]> wrote: > Mis-stated perhaps, but it's highlighting a core problem we punt on at the > protocol layer. FB as the example here tries to make teh friction of using > a FB login as low as possible, and so the user consent stuff is dialed down > to the very minimum of acceptable. This is the common pattern, get a user > consent and you're covered legally and then the drive is to make that > consent as minimally invasive (read effective) as possible. >
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
