On having your private data cached: the current web model allows  
businesses to simply own your data into a database, correlate it  
across multiple databases (doubleclick) and so on.

I think that to expect them to give up this privilege (and revenue  
stream from targeted advertising) is unrealistic, and caching OpenID  
data is necessary for them to do so.

Therefore, I'd suggest that OpenID examines the various schemes for  
providing a "Terms of Service" **from the user end** on access to  
personal data: "by accessing my address, you attest that you will not  
1> store it for more than 30 days after our business transaction is  
complete, 2> share it with anybody else" and so on. I seem to  
remember that somebody had a language for expressing those kinds of  
privacy preferences in a machine readable form but I'm not having any  
luck remembering who it was...

Possibly the XRI folks know?

At least at that point, users can use the penalty clause on that  
"shrinkwrap license" on their personal data to sue scumbags ("and if  
you break these rules, you pay me $500.") HIPAA may also help.

Vinay
_______________________________________________
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs
