Chris, I agree that a WG on RP Discovery to define this is a start.
It probably needs to wind up in the individual specs over time though.This would likely be in the RP's XRD rather than site meta as work on the spec is going.
SiteMeta will not be signed so from an integrity point of view and to support return_to delegation and other things people are keen on the RP's XRD/S is the correct place to put it.
XRDS and XRD are quite different from a a syntax point of view.We need to get something done for XRDS per your suggestion or something similar, then sort out the long term refinements for XRD.
Not to put too fine a point on this but is there a way we can agree on something in less than a year?
Your proposal for XRDS, will likely work just fine for people wanting to move to AX from SREG.
It breaks nothing, I don't see why we shouldn't make something like this available quickly for those that want a lightweight solution for the missing AX functionality.
John B. On 3-Jun-09, at 6:26 AM, specs-requ...@openid.net wrote:
Date: Tue, 2 Jun 2009 22:56:27 -0700 From: Chris Messina <chris.mess...@gmail.com> Subject: Re: SREG's Privacy Policy URL To: Allen Tom <a...@yahoo-inc.com> Cc: "specs@openid.net" <specs@openid.net> Message-ID: <1bc4603e0906022256s42548c5fg7b04ddba5bf48...@mail.gmail.com> Content-Type: multipart/alternative; boundary=0016e6475d18131382046b6b523f --0016e6475d18131382046b6b523f Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printableI worry a little about dumping this into the UX extension, because it's notthe logical place to look for it.Instead (and our WG process is really effed here), perhaps we should have aPolicy Expression Extension (acronym pending) so that we could express things like this: <xrds:XRDS> <XRD> <Type>xri://$xrds*simple</Type> <!-- Privacy Policy --> <Service> <Type>http://schemas.openid.net/policies/privacy</Type> <URI>http://example.com/privacy.php</URI> </Service> <!-- Terms & Conditions --> <Service> <Type>http://schemas.openid.net/policies/terms</Type> <URI>http://example.com/terms_and_conditions.php</URI> </Service> </XRD> </xrds:XRDS>I also think that RP discovery makes a lot of sense, and that really thisstuff should all live in /host-meta. Chris On Tue, Jun 2, 2009 at 11:14 AM, Allen Tom <a...@yahoo-inc.com> wrote:OK, how about if we define a new Privacy Policy <Service> for RPs to include in their XRDS, with a link to their privacy policy? So the RP would just include the following snippet in its discovery document, discoverable under its realm: <Service> <Type>http://specs.openid.net/path/to/privacy/policy</type> <URI>http://www.relyingparty.com/path/to/privacy/policy.html </Service>I'm not sure where we can formally document this. I guess we can put it i=nthe UI spec? Allen
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs