Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

User Story: Service collecting username during an explicit authentication flow within a single service #3

Open
hlflanagan opened this issue Sep 22, 2021 · 1 comment
Open

User Story: Service collecting username during an explicit authentication flow within a single service #3

hlflanagan opened this issue Sep 22, 2021 · 1 comment

Comments

@hlflanagan
Copy link
Contributor

hlflanagan commented Sep 22, 2021
edited by timcappalli
Loading

User story

As a user, I go to my favorite news site and click on sign in because I want to access my saved articles.
I am presented with a sign-in screen where I choose to sign in with my local service credentials.
My credentials are accepted and I am taken to my profile.

Since I initiated the sign-in flow, I expect the service to collect, store, and use my credentials without asking for explicit permission.

Context of the story

This story applies to a standard consumer authentication flow.

Should this be considered sanctioned or unsanctioned tracking?

This should be considered sanctioned tracking

Explicit list of parties involved

  • user
  • browser
  • service

Complicating characteristics

n/a

Additional information

Screenshot 2021-09-22 at 13-18-47 Enter email - The New York Times
@hlflanagan
Copy link
Contributor Author

Discussed during 27 September 2021 fedidcg call

@pkotwicz pkotwicz mentioned this issue Jul 30, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@hlflanagan