Difference between revisions of "Notice-centric ID"
From MgmtWiki
(→Solutions) |
(→Solutions) |
||
Line 11: | Line 11: | ||
==Solutions== | ==Solutions== | ||
− | * This proposed method for a web site to comply with [[Notice]] regulations is to create a [[Notice-centric ID]]. In this type of [[Identifier]] the | + | * This proposed method for a web site to comply with [[Notice]] regulations is to create a [[Notice-centric ID]]. In this type of [[Identifier]] the issue of notification is to be addressed before the user is asked for personal data. So the notice channel to be established is addressed by the Identifier. Several options and considered. |
# The user is asked to provide an email or SMS phone number to use as the identifier. This is common today and preloads the notification with the user. | # The user is asked to provide an email or SMS phone number to use as the identifier. This is common today and preloads the notification with the user. | ||
# The user choses to use the web site as there | # The user choses to use the web site as there |
Revision as of 16:12, 16 February 2021
Full Title or Meme
The problem of giving notice to Subjects about issues is addressed before the user is asked to provide any personal information.
Context
- The assumption on this page is that the user is trying to establish a long-term association with a web site to the mutual benefit of both and that notice, in some form, is required.
- It has become obvious that traditional methods of establishing identity have been focused on an Identifier Provider (IdP). This has created privacy and user tracking problems that have been difficult to mitigate. The most common method in 2020 is OpenID Connect using one of the social media sites like FaceBook or Google.
Problems
- User Identity is immediately obvious from any social IDs. For example in Facebook there is a a requirement to like any Facebook ID to a real person.
- OpenID Connect understood this problem from the start and included section 7 for Self-issued Identifiers. Unfortunately the browser environment made thiis solution untenable and so it has never (by 2020) been successfully deployed outside of closed networks with multiple IdPs.
Solutions
- This proposed method for a web site to comply with Notice regulations is to create a Notice-centric ID. In this type of Identifier the issue of notification is to be addressed before the user is asked for personal data. So the notice channel to be established is addressed by the Identifier. Several options and considered.
- The user is asked to provide an email or SMS phone number to use as the identifier. This is common today and preloads the notification with the user.
- The user choses to use the web site as there
The issue of more that one user on a notification channel is not considered here as that situation can already exist with share user accounts as is common in families that bind the account to streaming media services.
References
- See the wiki page on User Consent which is a structure that tells the user what data is held. This receipt is the first effort at providing Open Notice capabilities to users.