On Thu, Dec 10, 2009 at 5:43 PM, Allen Tom <[email protected]> wrote:
> If I was building an RP, I would definitely download and cache the profile
> image for the privacy and security reasons that you stated.
>
> However, many RPs have asked if they can directly link to the profile pic,
> because image hosting costs money, and downloading and caching requires work
> and effort. Also, some RPs would like to have the image automatically
> updated if the user changes it.
>
> With the current Yahoo AX implementation, RPs can deep link to the profile
> image if they want to, however, the image could be deleted if the user
> changes their picture, resulting in a broken image. For the purposes of
> interop, it would be good to clarify what RPs should do with the Profile
> Image url.

Hi Allen,

My view here is that anything that is not an explicit API with a support SLA can be trusted to last unchanged. Clarification that the URL may change will probably not dissuade the RPs that don't have a good image hosting solution from deep linking to these images.

Serving 3rd party images in the domain of the RP's page is actually tricky: Just search for GIFAR.
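
A check an RP could run before caching a fetched profile image, prompted by the GIFAR remark above. This is an added example, not part of the original thread; the function names are hypothetical and the sample bytes are constructed. It confirms the image magic bytes and rejects files that end in a ZIP end-of-central-directory record, the marker of an archive appended to an image.

```python
import struct

# Magic bytes for the image types an RP might accept as profile pictures.
IMAGE_MAGIC = {
    b"GIF87a": "gif", b"GIF89a": "gif",
    b"\x89PNG\r\n\x1a\n": "png", b"\xff\xd8\xff": "jpeg",
}
EOCD_SIG = b"PK\x05\x06"   # ZIP end-of-central-directory signature
EOCD_LEN = 22              # fixed-size part of the EOCD record
MAX_COMMENT = 0xFFFF       # the ZIP comment length is a 16-bit field


def sniff_image_type(data):
    """Return the image type implied by the leading magic bytes, or None."""
    for magic, kind in IMAGE_MAGIC.items():
        if data.startswith(magic):
            return kind
    return None


def has_zip_trailer(data):
    """True if the file ends with a well-formed ZIP EOCD record.
    ZIP/JAR readers locate the archive from the end of the file, so an
    archive appended to a valid image still opens as an archive."""
    start = max(0, len(data) - (EOCD_LEN + MAX_COMMENT))
    pos = data.find(EOCD_SIG, start)
    while pos != -1:
        if pos + EOCD_LEN <= len(data):
            (comment_len,) = struct.unpack_from("<H", data, pos + 20)
            if pos + EOCD_LEN + comment_len == len(data):
                return True
        pos = data.find(EOCD_SIG, pos + 1)
    return False


def vet_profile_image(data):
    """Decide whether a fetched profile image may be cached and re-served."""
    kind = sniff_image_type(data)
    if kind is None:
        return "reject: not a recognised image type"
    if has_zip_trailer(data):
        return "reject: %s with appended ZIP/JAR archive" % kind
    return "accept: " + kind


# Constructed samples: a GIF header stub, and the same with an empty EOCD appended.
SAMPLE_GIF = b"GIF89a\x01\x00\x01\x00\x00\x00\x00;"
SAMPLE_POLYGLOT = SAMPLE_GIF + EOCD_SIG + b"\x00" * 18
```

An "accept" result only rules out this one polyglot shape; re-encoding the image and serving it from a separate origin remain the stronger controls.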
