<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Chris,<div><br></div><div>I agree that a WG on RP Discovery to define this is a start.</div><div><br></div><div>It probably needs to wind up in the individual specs over time though.</div><div><br></div><div>This would likely be in the RP's XRD rather than site meta as work on the spec is going.</div><div><br></div><div>SiteMeta will not be signed so from an integrity point of view and to support return_to delegation and other things people are keen on the RP's XRD/S is the correct place to put it.</div><div><br></div><div>XRDS and XRD are quite different from a a syntax point of view.</div><div><br></div><div>We need to get something done for XRDS per your suggestion or something similar, then sort out the long term refinements for XRD.</div><div><br></div><div>Not to put too fine a point on this but is there a way we can agree on something in less than a year?</div><div><br></div><div>Your proposal for XRDS, will likely work just fine for people wanting to move to AX from SREG.</div><div><br></div><div>It breaks nothing, I don't see why we shouldn't make something like this available quickly for those that want a lightweight solution for the missing AX functionality.</div><div><br></div><div>John B.</div><div><br><div><div>On 3-Jun-09, at 6:26 AM, <a href="mailto:specs-request@openid.net">specs-request@openid.net</a> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><span class="Apple-style-span" style="color: rgb(0, 0, 0); font-family: -webkit-monospace; font-size: 10px; ">Date: Tue, 2 Jun 2009 22:56:27 -0700<br>From: Chris Messina <<a href="mailto:chris.messina@gmail.com">chris.messina@gmail.com</a>><br>Subject: Re: SREG's Privacy Policy URL<br>To: Allen Tom <<a href="mailto:atom@yahoo-inc.com">atom@yahoo-inc.com</a>><br>Cc: "<a href="mailto:specs@openid.net">specs@openid.net</a>" <<a href="mailto:specs@openid.net">specs@openid.net</a>><br>Message-ID:<br><span class="Apple-tab-span" style="white-space: pre; "> </span><<a href="mailto:1bc4603e0906022256s42548c5fg7b04ddba5bf481b2@mail.gmail.com">1bc4603e0906022256s42548c5fg7b04ddba5bf481b2@mail.gmail.com</a>><br>Content-Type: multipart/alternative;<br><span class="Apple-tab-span" style="white-space: pre; "> </span>boundary=0016e6475d18131382046b6b523f<br><br>--0016e6475d18131382046b6b523f<br>Content-Type: text/plain; charset=windows-1252<br>Content-Transfer-Encoding: quoted-printable<br><br>I worry a little about dumping this into the UX extension, because it's not<br>the logical place to look for it.<br>Instead (and our WG process is really effed here), perhaps we should have a<br>Policy Expression Extension (acronym pending) so that we could express<br>things like this:<br><br><xrds:XRDS><br><XRD><br><Type>xri://$xrds*simple</Type><br><br><!-- Privacy Policy --><br><Service><br><br><Type><a href="http://schemas.openid.net/policies/privacy">http://schemas.openid.net/policies/privacy</a></Type><br><URI><a href="http://example.com/privacy.php">http://example.com/privacy.php</a></URI><br><br></Service><br><br><!-- Terms & Conditions --><br><Service><br><br><Type><a href="http://schemas.openid.net/policies/terms">http://schemas.openid.net/policies/terms</a></Type><br><URI><a href="http://example.com/terms_and_conditions.php">http://example.com/terms_and_conditions.php</a></URI><br><br></Service><br></XRD><br></xrds:XRDS><br><br>I also think that RP discovery makes a lot of sense, and that really this<br>stuff should all live in /host-meta.<br><br>Chris<br><br>On Tue, Jun 2, 2009 at 11:14 AM, Allen Tom <<a href="mailto:atom@yahoo-inc.com">atom@yahoo-inc.com</a>> wrote:<br><br><blockquote type="cite">OK, how about if we define a new Privacy Policy <Service> for RPs to<br></blockquote><blockquote type="cite">include in their XRDS, with a link to their privacy policy?<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">So the RP would just include the following snippet in its discovery<br></blockquote><blockquote type="cite">document, discoverable under its realm:<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite"><Service><br></blockquote><blockquote type="cite"><Type><a href="http://specs.openid.net/path/to/privacy/policy">http://specs.openid.net/path/to/privacy/policy</a></type><br></blockquote><blockquote type="cite"><URI><a href="http://www.relyingparty.com/path/to/privacy/policy.html">http://www.relyingparty.com/path/to/privacy/policy.html</a><br></blockquote><blockquote type="cite"></Service><br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">I'm not sure where we can formally document this. I guess we can put it i=<br></blockquote>n<br><blockquote type="cite">the UI spec?<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">Allen<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite"><br></blockquote></span><br class="Apple-interchange-newline"></blockquote></div><br></div></body></html>