Chris,

I agree that a WG on RP Discovery to define this is a start.

It probably needs to wind up in the individual specs over time though.

This would likely be in the RP's XRD rather than site meta as work on the spec is going.

SiteMeta will not be signed so from an integrity point of view and to support return_to delegation and other things people are keen on the RP's XRD/S is the correct place to put it.

XRDS and XRD are quite different from a a syntax point of view.

We need to get something done for XRDS per your suggestion or something similar, then sort out the long term refinements for XRD.

Not to put too fine a point on this but is there a way we can agree on something in less than a year?

Your proposal for XRDS, will likely work just fine for people wanting to move to AX from SREG.

It breaks nothing, I don't see why we shouldn't make something like this available quickly for those that want a lightweight solution for the missing AX functionality.

John B.

On 3-Jun-09, at 6:26 AM, specs-requ...@openid.net wrote:

Date: Tue, 2 Jun 2009 22:56:27 -0700
From: Chris Messina <chris.mess...@gmail.com>
Subject: Re: SREG's Privacy Policy URL
To: Allen Tom <a...@yahoo-inc.com>
Cc: "specs@openid.net" <specs@openid.net>
Message-ID:
        <1bc4603e0906022256s42548c5fg7b04ddba5bf48...@mail.gmail.com>
Content-Type: multipart/alternative;
        boundary=0016e6475d18131382046b6b523f

--0016e6475d18131382046b6b523f
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

I worry a little about dumping this into the UX extension, because it's not
the logical place to look for it.
Instead (and our WG process is really effed here), perhaps we should have a
Policy Expression Extension (acronym pending) so that we could express
things like this:

<xrds:XRDS>
<XRD>
<Type>xri://$xrds*simple</Type>

<!-- Privacy Policy -->
<Service>

<Type>http://schemas.openid.net/policies/privacy</Type>
<URI>http://example.com/privacy.php</URI>

</Service>

<!-- Terms & Conditions -->
<Service>

<Type>http://schemas.openid.net/policies/terms</Type>
<URI>http://example.com/terms_and_conditions.php</URI>

</Service>
</XRD>
</xrds:XRDS>

I also think that RP discovery makes a lot of sense, and that really this
stuff should all live in /host-meta.

Chris

On Tue, Jun 2, 2009 at 11:14 AM, Allen Tom <a...@yahoo-inc.com> wrote:

OK, how about if we define a new Privacy Policy <Service> for RPs to
include in their XRDS, with a link to their privacy policy?

So the RP would just include the following snippet in its discovery
document, discoverable under its realm:

<Service>
<Type>http://specs.openid.net/path/to/privacy/policy</type>
<URI>http://www.relyingparty.com/path/to/privacy/policy.html
</Service>

I'm not sure where we can formally document this. I guess we can put it i=
n
the UI spec?

Allen




Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs

Reply via email to