Difference between revisions of "User Stipulation"
From MgmtWiki
(→Context) |
m (→Context) |
||
Line 8: | Line 8: | ||
#The user is operating on a portable device (e.g. a [[Smart Phone]]) with a native app installed by the [[Web Site]] that wants to collect their data. | #The user is operating on a portable device (e.g. a [[Smart Phone]]) with a native app installed by the [[Web Site]] that wants to collect their data. | ||
− | + | An other option is that the user is on a computer of any sort using an application what interacts with the user's data. If the [[User Information]] does not leave the [[User Device]] there is no [[User Stipulation]] required. | |
There are at least two sources of [[User Stipulation]]: | There are at least two sources of [[User Stipulation]]: |
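Review bot: the paragraph added at Line 8 has two wording errors: "An other option" should be "Another option", and "an application what interacts" should be "an application that interacts". It also follows the "#" numbered list of contexts as free text. If it is meant as a further context, add it as a "#" item. If it is an exception to the list, say so, because "If the [[User Information]] does not leave the [[User Device]] there is no [[User Stipulation]] required" introduces a condition that the list item above does not mention.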
Revision as of 19:25, 18 October 2018
Full Title or Meme
- A statement from a User as to the behavior that the user expects of a Web Site.
- A condition, requirement, or item specified in a legal instrument. [1]
Context
There are at least two important contexts in which a user is required to stipulate their terms of engagement:
- The user is operating a browser on any internet connected device.
- The user is operating on a portable device (e.g. a Smart Phone) with a native app installed by the Web Site that wants to collect their data.
Another option is that the user is on a computer of any sort using an application that interacts with the user's data. If the User Information does not leave the User Device, no User Stipulation is required.
There are at least two sources of User Stipulation:
- The user can create a statement to be sent to the correspondent Web Site informing the site of the user's expectations (also known as intent casting, e.g. Do Not Track).
- The Web Site can provide the user with some sort of document (terms of use, privacy policy, etc.) that the user can accept or reject.
This page does not presently include user settings on a User Device.
Problems
Compliance by the Web Site with the agreed terms will be hard to track.
Solutions
- The page Cookies has some description of user cookies that have been proposed as a source of user stipulations.
- The Best Practice shows one way to track user expressed intent within a Relying Party database.
Intent Casting
This solution covers the projection of user terms onto a correspondent Web Site.
- An existing example is the DNT (Do Not Track) HTTP header.
- The following example assumes a richer format for intent casting that is not yet defined.
- See the page on stalking on Kantara.
Here are the potential terms to be cast:
Name | OIDC | Priv Risk | Notes |
openid | yes | 0 | requests access to the user_id (sub) Claim which is here assumed to be pair-wise unique for the privacy score. |
profile | yes | 4 | requests access to the End-User's profile Claims excluding the address and email Claims. |
 | yes | 4 | requests access to the email and verified Claims |
References
- [1] Merriam Webster, 3rd International Dictionary