I like this idea best. UI spec, and a future version of the AX spec can mention this.
-- Andrew Arnott "I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre On Tue, Jun 2, 2009 at 11:14 AM, Allen Tom <a...@yahoo-inc.com> wrote: > OK, how about if we define a new Privacy Policy <Service> for RPs to > include in their XRDS, with a link to their privacy policy? > > So the RP would just include the following snippet in its discovery > document, discoverable under its realm: > > <Service> > <Type>http://specs.openid.net/path/to/privacy/policy</type> > <URI>http://www.relyingparty.com/path/to/privacy/policy.html > </Service> > > I'm not sure where we can formally document this. I guess we can put it in > the UI spec? > > Allen > > > > > George Fletcher wrote: > >> I think for a short-term solution we'd need to define service "types" for >> the privacy policy and TOS for XRDS. >> >> For the long-term, the same could potentially be used as "rel" values in >> the XRD markup. The XRD spec is solidifying but is not 100% stable. >> >> I think we should have a discovery option regardless of whether we update >> UX or AX. So I'd like to see a proposal for XRDS and then when XRD is >> available, supporting that. >> >> Thanks, >> George >> >> Allen Tom wrote: >> >>> Hi Luke, >>> >>> Yes, this is what we're looking for. Currently, in OpenID, the only way >>> for the RP to link to its privacy policy (which is sort of like linking to >>> its ToS) is by passing it in the openid.sreg.policy_url parameter using >>> SREG. >>> >>> Since we're trying to deprecate SREG, we can try to move this parameter >>> to either the UI or AX Extension, or move it into Discovery. >>> >>> Is there an actual Discovery spec? >>> >>> Allen >>> >>> >>> Luke Shepard wrote: >>> >>>> FWIW, Facebook Connect allows relying parties to define a “terms of >>>> service” url. We then show that link to users when they click on it. With >>>> OpenID, the equivalent URL would be set using relying party discovery. Is >>>> this more or less what you’re looking for? >>>> >>>> Screenshot: >>>> >>>> >>>> >>>> >>>> On 6/2/09 10:21 AM, "Allen Tom" <a...@yahoo-inc.com> wrote: >>>> >>>> >>>> Alternatively, the RP could publish its privacy policy in its >>>> discovery >>>> document, which does make a lot of sense, but I understand that >>>> there's >>>> a lot of work going on to define the next generation of >>>> discovery, and >>>> I'm not quite sure what the timeframe is for that. >>>> >>>> >>> ------------------------------------------------------------------------ >>> >>> _______________________________________________ >>> specs mailing list >>> specs@openid.net >>> http://openid.net/mailman/listinfo/specs >>> >>> >> >> > _______________________________________________ > specs mailing list > specs@openid.net > http://openid.net/mailman/listinfo/specs >
_______________________________________________ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
