Request for consideration of AX 2.0 Working Group Charter Proposal

[Allen Tom]

I agree with Martin. I believe that AX is the correct solution in the 
long run, but given that there appears to be more SREG implementations 
currently in the wild, we should update it to make it useful for sites 
that want to use it.

The other factor is that our lawyers feel very strongly that the user 
should have the opportunity to read the RP's privacy policy before 
authorizing any data exchange, and only SREG has the ability to do this 
automatically. The alternative would be to use OAuth, and require RPs to 
pre-register with Yahoo and provide their privacy policy and/or agree to 
a ToS before using our OP.

Allen

Martin Atkins wrote:
>
> I agree that having both is not ideal, but I also feel strongly that 
> we need to have a good SREG 1.1 spec because in practice today there 
> are lots of SREG implementations and it is important to be able to 
> interoperate with them even if in the long term we'd like to move to AX.
>
> This is, incidentally, why I was previously proposing forming an SREG 
> group whose task is *only* to fix the spec to reflect current 
> practice. This should encourage SREG interop in the short term while 
> new developments to AX will encourage a move to AX in the longer term.
>