Maybe you’ll find the work on RAR and identity assurance in OIDF interesting? RAR could be used for indicating a “legitimate interest”, and IA could cater for accountability.
man. 4. apr. 2022 kl. 15:36 skrev Roberto Polli <[email protected]>: > Hi folks, > > I'm finding a standard way to express data processing purposes in access > token/requests. > E.g an access token request/response should provide an identifier linked > to the reason that motivates > a specific data processing. > > The first idea is that this identifier is conveyed in a custom claim, > but maybe there's an existing claim/access token request parameter already. > > If such a parameter does not exist, which is the procedure for registering > it? > > Kind regards, > R: > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth > -- Vennlig hilsen Steinar Noem Partner Udelt AS Systemutvikler | [email protected] | [email protected] | +47 955 21 620 | www.udelt.no |
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
