Work in progress.
This policy is subject to my (iam-py-test) interpretation. I reserve the right to change any part of it at any time.
For this document, shall implies a requirement, should implies a recommendation.
Any form of script, program, or website.
A person or persons interacting with an application
Deliberately presenting false information or presenting correct information in a manner intended to mislead the use (such as inflating the risk of minor issues)
Explicitly authorizing an action.
- The application shall clearly inform the user of what they are consenting to
- This includes but is not limited to:
- The collection, storage, use, and distribution of the user's information
- The alteration of system or application configuration
- The alteration of files and data outside the application
- This information should be presented in the user's language
- This includes but is not limited to:
- The application shall not collect and transmit login information, except:
- In order to permit the user to login to the application or another application
- When the user has consented
- Or when this aligns with the purpose of the application
- For example, a password manager which syncs the user's passwords between devices