I worry a little about dumping this into the UX extension, because it's not the logical place to look for it. <div><br></div><div>Instead (and our WG process is really effed here), perhaps we should have a Policy Expression Extension (acronym pending) so that we could express things like this:</div>
<div><br></div><div><span class="Apple-style-span" style="border-collapse: collapse; "><div><div><xrds:XRDS></div></div><div><div><span style="white-space: pre; "> </span><XRD></div><div><span style="white-space: pre; "> </span><Type>xri://$xrds*simple</Type></div>
<div><br></div><div><span style="white-space: pre; "> </span><!-- <span class="il" style="background-image: initial; background-repeat: initial; background-attachment: initial; -webkit-background-clip: initial; -webkit-background-origin: initial; "><span class="Apple-style-span" style="background-color: rgb(255, 255, 255);">Privacy</span></span><span class="Apple-style-span" style="background-color: rgb(255, 255, 255);"> </span><span class="il" style="background-image: initial; background-repeat: initial; background-attachment: initial; -webkit-background-clip: initial; -webkit-background-origin: initial; "><span class="Apple-style-span" style="background-color: rgb(255, 255, 255);">Policy</span></span><span class="Apple-style-span" style="background-color: rgb(255, 255, 255);"> --></span></div>
<div><span style="white-space: pre; "><span class="Apple-style-span" style="background-color: rgb(255, 255, 255);"> </span></span><span class="Apple-style-span" style="background-color: rgb(255, 255, 255);"><Service></span></div>
</div></span></div><blockquote class="webkit-indent-blockquote" style="margin: 0 0 0 40px; border: none; padding: 0px;"><blockquote class="webkit-indent-blockquote" style="margin: 0 0 0 40px; border: none; padding: 0px;">
<Type><a href="http://schemas.openid.net/policies/privacy">http://schemas.openid.net/policies/privacy</a></Type><br><URI><a href="http://example.com/privacy.php">http://example.com/privacy.php</a></URI></blockquote>
</blockquote><div><span class="Apple-style-span" style="border-collapse: collapse; "><div><div><span style="white-space: pre; "><span class="Apple-style-span" style="background-color: rgb(255, 255, 255); "> </span></span><span class="Apple-style-span" style="background-color: rgb(255, 255, 255);"></Service></span></div>
<div><div><br></div><div><div><span style="white-space: pre; "> </span><!-- Terms & Conditions --></div><div><span style="white-space: pre; "> </span><Service></div></div></div></div></span></div><blockquote class="webkit-indent-blockquote" style="margin: 0 0 0 40px; border: none; padding: 0px;">
<blockquote class="webkit-indent-blockquote" style="margin: 0 0 0 40px; border: none; padding: 0px;"><Type><a href="http://schemas.openid.net/policies/terms">http://schemas.openid.net/policies/terms</a></Type><br>
<URI><a href="http://example.com/terms_and_conditions.php">http://example.com/terms_and_conditions.php</a></URI></blockquote></blockquote><div><span class="Apple-style-span" style="border-collapse: collapse; "><div>
<div><div><div><span style="white-space: pre; "> </span></Service></div><div></div></div><div><span style="white-space: pre; "> </span></XRD></div><div></xrds:XRDS></div></div></div></span><div><br></div>
<div>I also think that RP discovery makes a lot of sense, and that really this stuff should all live in /host-meta.</div><div><br></div><div>Chris</div><br><div class="gmail_quote">On Tue, Jun 2, 2009 at 11:14 AM, Allen Tom <span dir="ltr"><<a href="mailto:atom@yahoo-inc.com">atom@yahoo-inc.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">OK, how about if we define a new Privacy Policy <Service> for RPs to include in their XRDS, with a link to their privacy policy?<br>
<br>
So the RP would just include the following snippet in its discovery document, discoverable under its realm:<br>
<br>
<Service><br>
<Type><a href="http://specs.openid.net/path/to/privacy/policy" target="_blank">http://specs.openid.net/path/to/privacy/policy</a></type><br>
<URI><a href="http://www.relyingparty.com/path/to/privacy/policy.html" target="_blank">http://www.relyingparty.com/path/to/privacy/policy.html</a><br>
</Service><br>
<br>
I'm not sure where we can formally document this. I guess we can put it in the UI spec?<br><font color="#888888">
<br>
Allen</font><div><div></div><div class="h5"><br>
<br>
<br>
<br>
George Fletcher wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I think for a short-term solution we'd need to define service "types" for the privacy policy and TOS for XRDS.<br>
<br>
For the long-term, the same could potentially be used as "rel" values in the XRD markup. The XRD spec is solidifying but is not 100% stable.<br>
<br>
I think we should have a discovery option regardless of whether we update UX or AX. So I'd like to see a proposal for XRDS and then when XRD is available, supporting that.<br>
<br>
Thanks,<br>
George<br>
<br>
Allen Tom wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi Luke,<br>
<br>
Yes, this is what we're looking for. Currently, in OpenID, the only way for the RP to link to its privacy policy (which is sort of like linking to its ToS) is by passing it in the openid.sreg.policy_url parameter using SREG.<br>
<br>
Since we're trying to deprecate SREG, we can try to move this parameter to either the UI or AX Extension, or move it into Discovery.<br>
<br>
Is there an actual Discovery spec?<br>
<br>
Allen<br>
<br>
<br>
Luke Shepard wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
FWIW, Facebook Connect allows relying parties to define a “terms of service” url. We then show that link to users when they click on it. With OpenID, the equivalent URL would be set using relying party discovery. Is this more or less what you’re looking for?<br>
<br>
Screenshot:<br>
<br>
<br>
<br>
<br>
On 6/2/09 10:21 AM, "Allen Tom" <<a href="mailto:atom@yahoo-inc.com" target="_blank">atom@yahoo-inc.com</a>> wrote:<br>
<br>
<br>
Alternatively, the RP could publish its privacy policy in its<br>
discovery<br>
document, which does make a lot of sense, but I understand that<br>
there's<br>
a lot of work going on to define the next generation of<br>
discovery, and<br>
I'm not quite sure what the timeframe is for that.<br>
<br>
</blockquote>
<br>
------------------------------------------------------------------------<br>
<br>
_______________________________________________<br>
specs mailing list<br>
<a href="mailto:specs@openid.net" target="_blank">specs@openid.net</a><br>
<a href="http://openid.net/mailman/listinfo/specs" target="_blank">http://openid.net/mailman/listinfo/specs</a><br>
<br>
</blockquote>
<br>
</blockquote>
<br>
_______________________________________________<br>
specs mailing list<br>
<a href="mailto:specs@openid.net" target="_blank">specs@openid.net</a><br>
<a href="http://openid.net/mailman/listinfo/specs" target="_blank">http://openid.net/mailman/listinfo/specs</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>Chris Messina<br>Open Web Advocate<br><br>Website: <a href="http://factoryjoe.com">http://factoryjoe.com</a><br>Blog: <a href="http://factoryjoe.com/blog">http://factoryjoe.com/blog</a><br>
Twitter: <a href="http://twitter.com/chrismessina">http://twitter.com/chrismessina</a><br><br>Diso Project: <a href="http://diso-project.org">http://diso-project.org</a><br>OpenID Foundation: <a href="http://openid.net">http://openid.net</a><br>
<br>This email is: [ ] bloggable [X] ask first [ ] private<br>
</div>