On Dec 9, 2009, at 9:42 AM, SitG Admin wrote:
Chris Messina wrote:
Third, it suggests that whatever metadata the user doesn't provide
herself, a site author may attempt to harvest elsewhere.
Which is something we need to establish best practices around, to
discourage just that: the *attempt* to harvest correlating
(meta)data elsewhere. Site authors who mix up authentication data
and accidentally commit identity theft on the user's behalf will not
be admired.
Care to unpack that? I always felt that it's foolish not to use public
data to inform interaction with the user.
--
j
_______________________________________________
specs mailing list
[email protected]
http://lists.openid.net/mailman/listinfo/openid-specs
