On Tue, Jan 27, 2009 at 6:30 PM, Allen Tom <a...@yahoo-inc.com> wrote:
> I agree with Martin. I believe that AX is the correct solution in the long
> run, but given that there appears to be more SREG implementations currently
> in the wild, we should update it to make it useful for sites that want to
> use it.
>
> The other factor is that our lawyers feel very strongly that the user should
> have the opportunity to read the RP's privacy policy before authorizing any
> data exchange, and only SREG has the ability to do this automatically. The
> alternative would be to use OAuth, and require RPs to pre-register with
> Yahoo and provide their privacy policy and/or agree to a ToS before using
> our OP.

I think the AX proposing the WG is in agreement that AX 2.0 should support this.

>
> Allen
>
> Martin Atkins wrote:
>>
>> I agree that having both is not ideal, but I also feel strongly that we
>> need to have a good SREG 1.1 spec because in practice today there are lots
>> of SREG implementations and it is important to be able to interoperate with
>> them even if in the long term we'd like to move to AX.
>>
>> This is, incidentally, why I was previously proposing forming an SREG
>> group whose task is *only* to fix the spec to reflect current practice. This
>> should encourage SREG interop in the short term while new developments to AX
>> will encourage a move to AX in the longer term.
>>
> _______________________________________________
> specs mailing list
> specs@openid.net
> http://openid.net/mailman/listinfo/specs
>



-- 
--Breno

+1 (650) 214-1007 desk
+1 (408) 212-0135 (Grand Central)
MTV-41-3 : 383-A
PST (GMT-8) / PDT(GMT-7)
_______________________________________________
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs

Reply via email to