Re: SREG's Privacy Policy URL

Tue, 02 Jun 2009 11:36:11 -0700

The XRDS discovery spec is defined by the XRI 2.0 spec as profiled by Yadis.
There is a new discovery spec that converges XRDS Simple as used in oAuth, Yadis and XRI. 


That is the XRD 1.0 spec currently under development in the XRI TC at  
OASIS.



There will need to be a profile of the discovery spec as part of  
openID 2.1 if that is desired.


Google, Yahoo and others are contributing the XRD spec.


There are references in openID 2.0 and the extensions on what needs to  
go in to a XRDS,  but there is no comprehensive profile of XRDS  for  
openID that defines where new Services or extension elements are added.



I agree that communicating RP TOS and Privacy via RP Discovery is a  
likely candidate.



The CX (contract exchange) workgroup is also looking at some of the  
same issues where those policies need to be signed by the user.



I know that is a requirement in Europe for accessing government sites,  
from my conversations with the people from the STORK initiative.

http://www.eid-stork.eu/


We may need lightweight  policy display and the more heavyweight  
signing ability that CX brings to the table to work across all the use  
cases from different jurisdictions.


John B.

On 2-Jun-09, at 1:56 PM, specs-requ...@openid.net wrote:


Date: Tue, 02 Jun 2009 10:55:55 -0700
From: Allen Tom <a...@yahoo-inc.com>
Subject: Re: SREG's Privacy Policy URL
To: Luke Shepard <lshep...@facebook.com>, "specs@openid.net"
        <specs@openid.net>
Message-ID: <4a2567ab.10...@yahoo-inc.com>
Content-Type: multipart/alternative;
        boundary="------------060606030309050004000507"

This is a multi-part message in MIME format.
--------------060606030309050004000507
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Hi Luke,


Yes, this is what we're looking for. Currently, in OpenID, the only  
way
for the RP to link to its privacy policy (which is sort of like  
linking

to its ToS) is by passing it in the openid.sreg.policy_url parameter
using SREG.


Since we're trying to deprecate SREG, we can try to move this  
parameter

to either the UI or AX Extension, or move it into Discovery.

Is there an actual Discovery spec?

Allen


Luke Shepard wrote:

FWIW, Facebook Connect allows relying parties to define a "terms of
service" url. We then show that link to users when they click on it.
With OpenID, the equivalent URL would be set using relying party
discovery. Is this more or less what you're looking for?

Screenshot:









Attachment:
smime.p7s

Description: S/MIME cryptographic signature


_______________________________________________
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs























					Reply via email to