That's one possibility. Another is to have the RP advertise its privacy policy in its own XRDS file. While the OP is already discovering the RP it can look it up. The advantage to this method is that now OPs can send unsolicited assertions to RPs and still know the privacy policy URL.<div>
<br></div><div>There's been a strong push lately to get the AX extension going with some kind of privacy policy URL. Some big people are behind it so I imagine it will be fixed soon.</div><div><br clear="all">--<br>
Andrew Arnott<br>
"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre<br>
<br><br><div class="gmail_quote">On Fri, Jul 10, 2009 at 7:50 AM, David Fuelling <span dir="ltr"><<a href="mailto:sappenin@gmail.com">sappenin@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im"><div class="gmail_quote">On Fri, Jul 10, 2009 at 2:42 PM, Andrew Arnott <span dir="ltr"><<a href="mailto:andrewarnott@gmail.com" target="_blank">andrewarnott@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left:1px solid rgb(204, 204, 204);margin:0pt 0pt 0pt 0.8ex;padding-left:1ex">
There is actually one feature sreg has that AX doesn't: privacy policy URL of the RP. <div><br></div></blockquote></div><br></div>Why can't AX support a privacy policy URL? Is it a matter of not having a commonly agreed upon attribute type-name?<br>
</blockquote></div><br></div>