SREG's Privacy Policy URL

Johannes Ernst jernst+openid.net at netmesh.us
Tue Jun 2 18:24:32 UTC 2009 

Is there a way this can be internationalized?

On Jun 2, 2009, at 11:14, Allen Tom wrote:

> OK, how about if we define a new Privacy Policy <Service> for RPs to  
> include in their XRDS, with a link to their privacy policy?
>
> So the RP would just include the following snippet in its discovery  
> document, discoverable under its realm:
>
> <Service>
> <Type>http://specs.openid.net/path/to/privacy/policy</type>
> <URI>http://www.relyingparty.com/path/to/privacy/policy.html
> </Service>
>
> I'm not sure where we can formally document this. I guess we can put  
> it in the UI spec?
>
> Allen
>
>
>
> George Fletcher wrote:
>> I think for a short-term solution we'd need to define service  
>> "types" for the privacy policy and TOS for XRDS.
>>
>> For the long-term, the same could potentially be used as "rel"  
>> values in the XRD markup. The XRD spec is solidifying but is not  
>> 100% stable.
>>
>> I think we should have a discovery option regardless of whether we  
>> update UX or AX. So I'd like to see a proposal for XRDS and then  
>> when XRD is available, supporting that.
>>
>> Thanks,
>> George
>>
>> Allen Tom wrote:
>>> Hi Luke,
>>>
>>> Yes, this is what we're looking for. Currently, in OpenID, the  
>>> only way for the RP to link to its privacy policy (which is sort  
>>> of like linking to its ToS) is by passing it in the  
>>> openid.sreg.policy_url parameter using SREG.
>>>
>>> Since we're trying to deprecate SREG, we can try to move this  
>>> parameter to either the UI or AX Extension, or move it into  
>>> Discovery.
>>>
>>> Is there an actual Discovery spec?
>>>
>>> Allen
>>>
>>>
>>> Luke Shepard wrote:
>>>> FWIW, Facebook Connect allows relying parties to define a “terms  
>>>> of service” url. We then show that link to users when they click  
>>>> on it. With OpenID, the equivalent URL would be set using relying  
>>>> party discovery. Is this more or less what you’re looking for?
>>>>
>>>> Screenshot:
>>>>
>>>>
>>>>
>>>>
>>>> On 6/2/09 10:21 AM, "Allen Tom" <atom at yahoo-inc.com> wrote:
>>>>
>>>>
>>>>    Alternatively, the RP could publish its privacy policy in its
>>>>    discovery
>>>>    document, which does make a lot of sense, but I understand that
>>>>    there's
>>>>    a lot of work going on to define the next generation of
>>>>    discovery, and
>>>>    I'm not quite sure what the timeframe is for that.
>>>>
>>>
>>> ------------------------------------------------------------------------
>>>
>>> _______________________________________________
>>> specs mailing list
>>> specs at openid.net
>>> http://openid.net/mailman/listinfo/specs
>>>
>>
>
> _______________________________________________
> specs mailing list
> specs at openid.net
> http://openid.net/mailman/listinfo/specs

More information about the specs mailing list