[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Privacy Considerations (4.5) in opes-authorization-00

To: eburger@xxxxxxxxxxxxx, OPES Group <ietf-openproxy@xxxxxxx>
Subject: RE: Privacy Considerations (4.5) in opes-authorization-00
From: "Abbie Barbir" <abbieb@xxxxxxxxxxxxxxxxxx>
Date: Wed, 23 Oct 2002 10:21:05 -0400
List-archive: <http://www.imc.org/ietf-openproxy/mail-archive/>
List-id: <ietf-openproxy.imc.org>
List-unsubscribe: <mailto:ietf-openproxy-request@imc.org?body=unsubscribe>
Sender: owner-ietf-openproxy@xxxxxxxxxxxx

Title: RE: Privacy Considerations (4.5) in opes-authorization-00

eric,

it seems to me that you have already answered your question.

abbie

> -----Original Message-----
> From: Eric Burger [mailto:eburger@xxxxxxxxxxxxx]
> Sent: Monday, October 21, 2002 10:35 PM
> To: OPES Group
> Subject: Privacy Considerations (4.5) in opes-authorization-00
>
>
>
> How can a user know that the PDP has user profiles so they
> can limit the promulgation of their profile data?
>
>
> As pointed out in the thread on Authentication Requirements,
> how does the PROTOCOL limit traffic data from being sent to
> third parties? How does the PROTOCOL know the difference
> between a server run by the service provider and a server run
> by a third party?
>
> In the real world, the user and the service provider enter
> into a trust agreement (outside of the protocol). Part of
> that agreement is that the service provider can or cannot let
> third parties do work on their behalf. This, again, is
> outside of the protocol. POLICY dictates whether a service
> provider may or may not send traffic data to third parties.
>
>

Prev by Date: RE: Unique Shared Secrets (4.4.2) in opes-authorization
Next by Date: RE: Authentication Requirements in opes-authorization-00 (section 4.2)
Previous by thread: RE: Unique Shared Secrets (4.4.2) in opes-authorization
Next by thread: Some comments on draft-ietf-opes-threats-00
Index(es):
- Date
- Thread