Whether we go for passing a parameter or not, I like the idea of (also) having RP discovery offer a URL as well so that unsolicited assertions from OPs can show the privacy policy to the user.<br clear="all">--<br>Andrew Arnott<br>
"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre<br>
<br><br><div class="gmail_quote">On Tue, Jun 2, 2009 at 11:44 AM, Allen Tom <span dir="ltr"><<a href="mailto:atom@yahoo-inc.com">atom@yahoo-inc.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div bgcolor="#ffffff" text="#000000">
The internationalization problem is one of the reasons why it might
make more sense for the privacy policy url to be passed in as a
parameter by the RP. The RP already is passing the user's language to
the OP as part of the UI extension, so we could just make this an
additional parameter.<br>
<br>
Alternatively, we can just say that the RP has a single privacy policy
url, and the Privacy Policy URL can take an optional openid.ui.lang
parameter. The privacy policy url can be discoverable.<br>
<br>
Allen<br>
<br>
<br>
<br>
Andrew Arnott wrote:
<blockquote type="cite"><div><div></div><div class="h5">Would internationalizing entail the OP getting the URL for
the RP's privacy policy in the right language?<br>
<br>
If so, why not just have one URL and let the RP detect the user agent's
preferred language? (Yes, I know the UI extension has this for the
reason that the user agent isn't properly configured, so it's an
interesting point...) <br clear="all">
--<br>
Andrew Arnott<br>
"I [may] not agree with what you have to say, but I'll defend to the
death your right to say it." - S. G. Tallentyre<br>
<br>
<br>
<div class="gmail_quote">On Tue, Jun 2, 2009 at 11:24 AM, Johannes
Ernst <span dir="ltr"><<a href="mailto:jernst+openid.net@netmesh.us" target="_blank">jernst+openid.net@netmesh.us</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Is
there a way this can be internationalized?
<div>
<div><br>
<br>
On Jun 2, 2009, at 11:14, Allen Tom wrote:<br>
<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
OK, how about if we define a new Privacy Policy <Service> for RPs
to include in their XRDS, with a link to their privacy policy?<br>
<br>
So the RP would just include the following snippet in its discovery
document, discoverable under its realm:<br>
<br>
<Service><br>
<Type><a href="http://specs.openid.net/path/to/privacy/policy" target="_blank">http://specs.openid.net/path/to/privacy/policy</a></Type><br>
<URI><a href="http://www.relyingparty.com/path/to/privacy/policy.html" target="_blank">http://www.relyingparty.com/path/to/privacy/policy.html</a></URI><br>
</Service><br>
<br>
I'm not sure where we can formally document this. I guess we can put it
in the UI spec?<br>
<br>
Allen<br>
<br>
<br>
<br>
George Fletcher wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
I think for a short-term solution we'd need to define service "types"
for the privacy policy and TOS for XRDS.<br>
<br>
For the long-term, the same could potentially be used as "rel" values
in the XRD markup. The XRD spec is solidifying but is not 100% stable.<br>
<br>
I think we should have a discovery option regardless of whether we
update UX or AX. So I'd like to see a proposal for XRDS and then when
XRD is available, supporting that.<br>
<br>
Thanks,<br>
George<br>
<br>
Allen Tom wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Hi Luke,<br>
<br>
Yes, this is what we're looking for. Currently, in OpenID, the only way
for the RP to link to its privacy policy (which is sort of like linking
to its ToS) is by passing it in the openid.sreg.policy_url parameter
using SREG.<br>
<br>
Since we're trying to deprecate SREG, we can try to move this parameter
to either the UI or AX Extension, or move it into Discovery.<br>
<br>
Is there an actual Discovery spec?<br>
<br>
Allen<br>
<br>
<br>
Luke Shepard wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
FWIW, Facebook Connect allows relying parties to define a “terms of
service” url. We then show that link to users when they click on it.
With OpenID, the equivalent URL would be set using relying party
discovery. Is this more or less what you’re looking for?<br>
<br>
Screenshot:<br>
<br>
<br>
<br>
<br>
On 6/2/09 10:21 AM, "Allen Tom" <<a href="mailto:atom@yahoo-inc.com" target="_blank">atom@yahoo-inc.com</a>>
wrote:<br>
<br>
<br>
Alternatively, the RP could publish its privacy policy in its discovery
document, which does make a lot of sense, but I understand that there's
a lot of work going on to define the next generation of discovery, and
I'm not quite sure what the timeframe is for that.<br>
<br>
</blockquote>
<br>
------------------------------------------------------------------------<br>
<br>
_______________________________________________<br>
specs mailing list<br>
<a href="mailto:specs@openid.net" target="_blank">specs@openid.net</a><br>
<a href="http://openid.net/mailman/listinfo/specs" target="_blank">http://openid.net/mailman/listinfo/specs</a><br>
<br>
</blockquote>
<br>
</blockquote>
<br>
</blockquote>
<br>
</div>
</div>
</blockquote>
</div>
<br>
</div></div><pre><hr size="4" width="90%"><div class="im">
</div></pre>
</blockquote>
<br>
</div>
</blockquote></div><br>
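An added example, not part of the thread or of any OpenID specification: one way an OP could read the proposed privacy policy <Service> from an RP's XRDS document before showing the link to a user. The Type URI is the placeholder quoted in the thread; the function name, the same-host check against the realm (non-wildcard realm assumed), and appending openid.ui.lang as a query parameter are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

XRD_NS = "{xri://$xrd*($v*2.0)}"
# Placeholder Type URI exactly as written in the thread; no final value was agreed.
PRIVACY_TYPE = "http://specs.openid.net/path/to/privacy/policy"

# Constructed sample of an RP discovery document carrying the proposed service.
SAMPLE_XRDS = """<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service>
      <Type>http://specs.openid.net/auth/2.0/return_to</Type>
      <URI>http://www.relyingparty.com/openid/return</URI>
    </Service>
    <Service>
      <Type>http://specs.openid.net/path/to/privacy/policy</Type>
      <URI>http://www.relyingparty.com/path/to/privacy/policy.html</URI>
    </Service>
  </XRD>
</xrds:XRDS>"""


def privacy_policy_url(xrds_text, realm, ui_lang=None):
    """Return the RP's privacy policy URL, or None if absent or unsafe to link."""
    if "<!DOCTYPE" in xrds_text or "<!ENTITY" in xrds_text:
        return None  # refuse DTDs: no entity expansion on untrusted XML
    try:
        root = ET.fromstring(xrds_text)
    except ET.ParseError:
        return None
    realm_host = urlsplit(realm).hostname
    for service in root.iter(XRD_NS + "Service"):
        types = [t.text.strip() for t in service.findall(XRD_NS + "Type") if t.text]
        if PRIVACY_TYPE not in types:
            continue
        for uri in service.findall(XRD_NS + "URI"):
            parts = urlsplit((uri.text or "").strip())
            # Assumption: only link to http(s) pages on the realm's own host.
            if parts.scheme not in ("http", "https") or parts.hostname != realm_host:
                continue
            query = parse_qsl(parts.query, keep_blank_values=True)
            if ui_lang:
                query.append(("openid.ui.lang", ui_lang))
            return urlunsplit(parts._replace(query=urlencode(query)))
    return None
```

Because the discovered URI is attacker-influenced input from the OP's point of view, the scheme and host checks run before the link is ever rendered.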