On Tue, Jan 27, 2009 at 6:30 PM, Allen Tom <a...@yahoo-inc.com> wrote: > I agree with Martin. I believe that AX is the correct solution in the long > run, but given that there appears to be more SREG implementations currently > in the wild, we should update it to make it useful for sites that want to > use it. > > The other factor is that our lawyers feel very strongly that the user should > have the opportunity to read the RP's privacy policy before authorizing any > data exchange, and only SREG has the ability to do this automatically. The > alternative would be to use OAuth, and require RPs to pre-register with > Yahoo and provide their privacy policy and/or agree to a ToS before using > our OP.
I think the AX proposing the WG is in agreement that AX 2.0 should support this. > > Allen > > Martin Atkins wrote: >> >> I agree that having both is not ideal, but I also feel strongly that we >> need to have a good SREG 1.1 spec because in practice today there are lots >> of SREG implementations and it is important to be able to interoperate with >> them even if in the long term we'd like to move to AX. >> >> This is, incidentally, why I was previously proposing forming an SREG >> group whose task is *only* to fix the spec to reflect current practice. This >> should encourage SREG interop in the short term while new developments to AX >> will encourage a move to AX in the longer term. >> > _______________________________________________ > specs mailing list > specs@openid.net > http://openid.net/mailman/listinfo/specs > -- --Breno +1 (650) 214-1007 desk +1 (408) 212-0135 (Grand Central) MTV-41-3 : 383-A PST (GMT-8) / PDT(GMT-7) _______________________________________________ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
