<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Hi Luke,<br>
<br>
Yes, this is what we're looking for. Currently, in OpenID, the only way
for the RP to link to its privacy policy (which is sort of like linking
to its ToS) is by passing it in the openid.sreg.policy_url parameter
using SREG.<br>
<br>
Since we're trying to deprecate SREG, we can try to move this parameter
to either the UI or AX Extension, or move it into Discovery.<br>
<br>
Is there an actual Discovery spec?<br>
<br>
Allen<br>
<br>
<br>
Luke Shepard wrote:
<blockquote cite="mid:C64AB1F3.D042%25lshepard@facebook.com" type="cite">
<title>Re: SREG's Privacy Policy URL </title>
<font face="Calibri, Verdana, Helvetica, Arial"><span
style="font-size: 11pt;">FWIW, Facebook Connect allows relying parties
to define a “terms of service” url. We then show that link to users
when they click on it. With OpenID, the equivalent URL would be set
using relying party discovery. Is this more or less what you’re looking
for?<br>
<br>
Screenshot:<br>
<br>
<img src="cid:part1.05050401.05000805@yahoo-inc.com"><br>
<br>
<br>
On 6/2/09 10:21 AM, "Allen Tom" <<a moz-do-not-send="true"
href="atom@yahoo-inc.com">atom@yahoo-inc.com</a>> wrote:<br>
<br>
</span></font>
<blockquote><font face="Calibri, Verdana, Helvetica, Arial"><span
style="font-size: 11pt;"><br>
Alternatively, the RP could publish its privacy policy in its discovery<br>
document, which does make a lot of sense, but I understand that there's<br>
a lot of work going on to define the next generation of discovery, and<br>
I'm not quite sure what the timeframe is for that.<br>
</span></font></blockquote>
</blockquote>
<br>
</body>
</html>