Request for consideration of AX 2.0 Working Group Charter Proposal

[Dick Hardt]

+1 to a separate WG to fix SREG. Adding language to SREG 1.1  
recommending AX for new development would clarify for the community  
the direction. (I'm presuming there is consensus on one spec long term  
and that the extensibility of AX is preferred)

-- Dick

On 27-Jan-09, at 6:30 PM, Allen Tom wrote:

> I agree with Martin. I believe that AX is the correct solution in  
> the long run, but given that there appears to be more SREG  
> implementations currently in the wild, we should update it to make  
> it useful for sites that want to use it.
>
> The other factor is that our lawyers feel very strongly that the  
> user should have the opportunity to read the RP's privacy policy  
> before authorizing any data exchange, and only SREG has the ability  
> to do this automatically. The alternative would be to use OAuth, and  
> require RPs to pre-register with Yahoo and provide their privacy  
> policy and/or agree to a ToS before using our OP.
>
> Allen
>
> Martin Atkins wrote:
>>
>> I agree that having both is not ideal, but I also feel strongly  
>> that we need to have a good SREG 1.1 spec because in practice today  
>> there are lots of SREG implementations and it is important to be  
>> able to interoperate with them even if in the long term we'd like  
>> to move to AX.
>>
>> This is, incidentally, why I was previously proposing forming an  
>> SREG group whose task is *only* to fix the spec to reflect current  
>> practice. This should encourage SREG interop in the short term  
>> while new developments to AX will encourage a move to AX in the  
>> longer term.
>>
> _______________________________________________
> specs mailing list
> specs at openid.net
> http://openid.net/mailman/listinfo/specs