The life of the authenticating info?
bhyde at pobox.com
Fri May 20 14:01:27 PDT 2005
What are the rules, or advice, for a suspicious site about retaining
the information it collects while during an authentication. Is any of
the info collected private to any of the parties?
I got to wondering about this because I'd assumed that the information
would be retained so if a complaint arose about the submitted comment
the suspicious site could use the collected info to file a complaint.
For example it might file the complaint via the id service end point.
Alternately it might file a complaint with a third party reputation
service of some kind. Enabling both of those seems highly desirable
but it isn't clear that the design as it stands is ready to support
So I backed up and tried to figure out what the benefits and risk
retaining and or revealing the info has.
I forecast sunny weather!
More information about the yadis