One of the things that I'd like to clarify in AX 1.1 is whether or not RPs should be able to deep link directly to the profile pic, or if they're expected to download and cache it themselves. Also, if RPs are able to deep link to the profile pic, then we should also define whether or not the content of the URL be updated when the user updates their pic.
RP's should be able to cache it themselves; if you let me specify an avatar URL at any server I control, anyone who views a page with my avatar on it will probably be sending me referer metadata that can let me track/identify them :(
-Shade _______________________________________________ specs mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-specs
