Request for consideration of AX 2.0 Working Group Charter Proposal

[David Recordon]

+1

On Jan 27, 2009, at 6:30 PM, Allen Tom wrote:

> I agree with Martin. I believe that AX is the correct solution in  
> the long run, but given that there appears to be more SREG  
> implementations currently in the wild, we should update it to make  
> it useful for sites that want to use it.
>
> The other factor is that our lawyers feel very strongly that the  
> user should have the opportunity to read the RP's privacy policy  
> before authorizing any data exchange, and only SREG has the ability  
> to do this automatically. The alternative would be to use OAuth, and  
> require RPs to pre-register with Yahoo and provide their privacy  
> policy and/or agree to a ToS before using our OP.
>
> Allen
>
> Martin Atkins wrote:
>>
>> I agree that having both is not ideal, but I also feel strongly  
>> that we need to have a good SREG 1.1 spec because in practice today  
>> there are lots of SREG implementations and it is important to be  
>> able to interoperate with them even if in the long term we'd like  
>> to move to AX.
>>
>> This is, incidentally, why I was previously proposing forming an  
>> SREG group whose task is *only* to fix the spec to reflect current  
>> practice. This should encourage SREG interop in the short term  
>> while new developments to AX will encourage a move to AX in the  
>> longer term.
>>
> _______________________________________________
> specs mailing list
> specs at openid.net
> http://openid.net/mailman/listinfo/specs