Depending on what you are requesting, you might want to change the privacy policy. Indeed, in Japanese and I believe EU privacy law, you need to be so specific to the point that a general statement url given in XRDS probably does not work. For instance, stating that you are "using the data for marketing purpose" is too broad and illegal. This kind of consideration actually rules out the discovery way of doing it. The policy is linked to the request, and not the host/domain/company etc.
Sub-fields for "Privacy Policy pertaining to specific requests"?
-Shade _______________________________________________ specs mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-specs
