The life of the authenticating info?

Ben Hyde bhyde at
Fri May 20 14:01:27 PDT 2005

What are the rules, or advice, for a suspicious site about retaining 
the information it collects while during an authentication.   Is any of 
the info collected private to any of the parties?

I got to wondering about this because I'd assumed that the information 
would be retained so if a complaint arose about the submitted comment 
the suspicious site could use the collected info to file a complaint.  
For example it might file the complaint via the id service end point.  
Alternately it might file a complaint with a third party reputation 
service of some kind.   Enabling both of those seems highly desirable 
but it isn't clear that the design as it stands is ready to support 

So I backed up and tried to figure out what the benefits and risk 
retaining and or revealing the info has.

    - ben

  I forecast sunny weather!

More information about the yadis mailing list