SREG's Privacy Policy URL
John Bradley
jbradley at mac.com
Tue Jun 2 18:35:37 UTC 2009
The XRDS discovery spec is defined by the XRI 2.0 spec as profiled by
Yadis.
There is a new discovery spec that converges XRDS Simple as used in
OAuth, Yadis and XRI.
That is the XRD 1.0 spec currently under development in the XRI TC at
OASIS.
There will need to be a profile of the discovery spec as part of
OpenID 2.1 if that is desired.
Google, Yahoo and others are contributing the XRD spec.
There are references in OpenID 2.0 and the extensions on what needs to
go into an XRDS, but there is no comprehensive profile of XRDS for
OpenID that defines where new Services or extension elements are added.
I agree that communicating RP TOS and Privacy via RP Discovery is a
likely candidate.
The CX (contract exchange) workgroup is also looking at some of the
same issues where those policies need to be signed by the user.
I know that is a requirement in Europe for accessing government sites,
from my conversations with the people from the STORK initiative.
http://www.eid-stork.eu/
We may need lightweight policy display and the more heavyweight
signing ability that CX brings to the table to work across all the use
cases from different jurisdictions.
John B.
On 2-Jun-09, at 1:56 PM, specs-request at openid.net wrote:
> Date: Tue, 02 Jun 2009 10:55:55 -0700
> From: Allen Tom <atom at yahoo-inc.com>
> Subject: Re: SREG's Privacy Policy URL
> To: Luke Shepard <lshepard at facebook.com>, "specs at openid.net"
> <specs at openid.net>
> Message-ID: <4A2567AB.10606 at yahoo-inc.com>
>
> Hi Luke,
>
> Yes, this is what we're looking for. Currently, in OpenID, the only way
> for the RP to link to its privacy policy (which is sort of like linking
> to its ToS) is by passing it in the openid.sreg.policy_url parameter
> using SREG.
>
> Since we're trying to deprecate SREG, we can try to move this parameter
> to either the UI or AX Extension, or move it into Discovery.
>
> Is there an actual Discovery spec?
>
> Allen
>
>
> Luke Shepard wrote:
>> FWIW, Facebook Connect allows relying parties to define a "terms of
>> service" url. We then show that link to users when they click on it.
>> With OpenID, the equivalent URL would be set using relying party
>> discovery. Is this more or less what you're looking for?
>>
>> Screenshot:
>>
>>
>