fedidcg / use-case-library

Other

11 stars 2 forks source link

User Story: Service collecting username during an explicit authentication flow within a single service #3

Open hlflanagan opened 2 years ago

hlflanagan commented 2 years ago

User story

As a user, I go to my favorite news site and click on sign in because I want to access my saved articles. I am presented with a sign-in screen where I choose to sign in with my local service credentials. My credentials are accepted and I am taken to my profile.

Since I initiated the sign-in flow, I expect the service to collect, store, and use my credentials without asking for explicit permission.

Context of the story

This story applies to a standard consumer authentication flow.

Should this be considered sanctioned or unsanctioned tracking?

This should be considered sanctioned tracking

Explicit list of parties involved

user
browser
service

Complicating characteristics

n/a

Additional information

Screenshot 2021-09-22 at 13-18-47 Enter email - The New York Times

hlflanagan commented 2 years ago

Discussed during 27 September 2021 fedidcg call