Completing the SREG 1.1 specification
Allen Tom
atom at yahoo-inc.com
Thu Dec 4 18:52:12 UTC 2008
Yes, the idea is to pass a URL to the user's profile pic. I'm not
sure if the resolution/aspect ratio needs to be communicated. Also, is
the RP expected to download and cache the profile pic, or should it link
directly to it? This needs to be clarified in the spec.

+1 for adding additional URLs which are associated with the user. This
could be helpful for identity consolidation.

Allen

Sam Alexander wrote:
> +1 for adding a profile pic to the SREG 1.1 spec.
>
> Allen, I'm assuming you mean including a URI to the profile pic as
> opposed to something like a base64 encoded jpeg or something else
> totally awesome like that :)
>
> Also, having a "homepage" or "website" URI would be another great
> field addition. This would be a URI that pointed to a blog, homepage,
> additional OpenID or other URI that the user would like to provide.
>
> I agree that the strength of SREG is its constrained fields. These
> two additions would allow a lot of value to the spec, however, if they
> were to be considered.
>
> -Sam
>
> On Dec 2, 2008, at 3:41 PM, Allen Tom wrote:
>
>> Yahoo is currently testing SREG, and we'd like to see the 1.1 SREG draft
>> updated to clarify any ambiguities before we're done testing. We'd also
>> like to see the schema updated to include the user's profile pic.
>>
>> We decided to build support for SREG before AX because SREG seems to be
>> more widely used, and also because SREG allows the RP to pass the url to
>> its privacy policy in the request. Strangely, AX does not have an
>> interface for the RP to pass its privacy policy to the OP. We have a
>> mandatory requirement from our legal and privacy teams to be able to
>> link to the RP's privacy policy on our OpenID approval page before
>> sharing any user data with an RP.
>>
>> We'd like SREG to be updated to enable the profile pic to be in the
>> schema, and also any other cleanup that's needed for OpenID 2.0 OPs to
>> support it.
>>
>> Moving forward, we'd also like to support both SREG and AX, if AX is
>> updated to allow the privacy policy url to be included in the request.
>> Alternatively, OPs which support the OpenID/OAuth hybrid protocol can
>> just tie the privacy policy to an OAuth consumer key, assuming that the
>> OP requires pre-registered consumer keys.
>>
>> I'd be happy to help contribute to SREG and AX specs if the owners of
>> the spec would like me to.
>>
>> Allen
>>
>>
>> David Recordon wrote:
>>> I certainly want to see us push the world to implementing AX instead
>>> of SREG, though agree with Mart that there are existing
>>> interoperability problems with SREG that would be nice to fix given
>>> that large OPs are still implementing it in a broken fashion. I'd see
>>> no issue with including in the SREG spec that people really should go
>>> use AX instead.
>>>
>>>
>>>
>>>> On 28-Nov-08, at 11:28 PM, Martin Atkins wrote:
>>>>
>>>>
>>>>>
>>>>> As long as folks still want to implement SREG, I think it's beneficial
>>>>> to have a specification that actually works in practice, which the
>>>>> current draft does not.
>>>>>
>>
>> _______________________________________________
>> specs mailing list
>> specs at openid.net
>> http://openid.net/mailman/listinfo/specs
>