SREG's Privacy Policy URL
John Bradley
jbradley at mac.com
Wed Jun 3 18:09:51 UTC 2009
Chris,
I agree that a WG on RP Discovery to define this is a start.
It probably needs to wind up in the individual specs over time though.
This would likely be in the RP's XRD rather than site meta as work on
the spec is going.
SiteMeta will not be signed so from an integrity point of view and to
support return_to delegation and other things people are keen on the
RP's XRD/S is the correct place to put it.
XRDS and XRD are quite different from a a syntax point of view.
We need to get something done for XRDS per your suggestion or
something similar, then sort out the long term refinements for XRD.
Not to put too fine a point on this but is there a way we can agree on
something in less than a year?
Your proposal for XRDS, will likely work just fine for people wanting
to move to AX from SREG.
It breaks nothing, I don't see why we shouldn't make something like
this available quickly for those that want a lightweight solution for
the missing AX functionality.
John B.
On 3-Jun-09, at 6:26 AM, specs-request at openid.net wrote:
> Date: Tue, 2 Jun 2009 22:56:27 -0700
> From: Chris Messina <chris.messina at gmail.com>
> Subject: Re: SREG's Privacy Policy URL
> To: Allen Tom <atom at yahoo-inc.com>
> Cc: "specs at openid.net" <specs at openid.net>
> Message-ID:
> <1bc4603e0906022256s42548c5fg7b04ddba5bf481b2 at mail.gmail.com>
> Content-Type: multipart/alternative;
> boundary=0016e6475d18131382046b6b523f
>
> --0016e6475d18131382046b6b523f
> Content-Type: text/plain; charset=windows-1252
> Content-Transfer-Encoding: quoted-printable
>
> I worry a little about dumping this into the UX extension, because
> it's not
> the logical place to look for it.
> Instead (and our WG process is really effed here), perhaps we should
> have a
> Policy Expression Extension (acronym pending) so that we could express
> things like this:
>
> <xrds:XRDS>
> <XRD>
> <Type>xri://$xrds*simple</Type>
>
> <!-- Privacy Policy -->
> <Service>
>
> <Type>http://schemas.openid.net/policies/privacy</Type>
> <URI>http://example.com/privacy.php</URI>
>
> </Service>
>
> <!-- Terms & Conditions -->
> <Service>
>
> <Type>http://schemas.openid.net/policies/terms</Type>
> <URI>http://example.com/terms_and_conditions.php</URI>
>
> </Service>
> </XRD>
> </xrds:XRDS>
>
> I also think that RP discovery makes a lot of sense, and that really
> this
> stuff should all live in /host-meta.
>
> Chris
>
> On Tue, Jun 2, 2009 at 11:14 AM, Allen Tom <atom at yahoo-inc.com> wrote:
>
>> OK, how about if we define a new Privacy Policy <Service> for RPs to
>> include in their XRDS, with a link to their privacy policy?
>>
>> So the RP would just include the following snippet in its discovery
>> document, discoverable under its realm:
>>
>> <Service>
>> <Type>http://specs.openid.net/path/to/privacy/policy</type>
>> <URI>http://www.relyingparty.com/path/to/privacy/policy.html
>> </Service>
>>
>> I'm not sure where we can formally document this. I guess we can
>> put it i=
> n
>> the UI spec?
>>
>> Allen
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20090603/0affe486/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1722 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20090603/0affe486/attachment-0002.bin>
More information about the specs
mailing list