Re: Completing the SREG 1.1 specification

Thu, 04 Dec 2008 08:05:32 -0800

there would appear to be an opportunity here for some drop-dead simple cross-protocol harmonization by the larger community agreeing on the definition of these sort of privacy policy identifiers by which a requestor indicates its privacy commitments and the authority any obligations.

Define the various URIs and the associated semantics, and leave it to the particular protocols or metadata formats to define bindings.

Liberty took a first stab [1] a while back, but had/has no expectation that the work would be meaningful if used only for Liberty/SAML protocols.

[1] - http://www.projectliberty.org/liberty/content/download/4323/28921/file/draft-liberty-igf-privacy-constraints-v1.0-04.pdf

paul

Dick Hardt wrote: 
On 2-Dec-08, at 3:41 PM, Allen Tom wrote:
  
We decided to build support for SREG before AX because SREG seems to  
be
more widely used, and also because SREG allows the RP to pass the  
url to
its privacy policy in the request. Strangely, AX does not have an
interface for the RP to pass its privacy policy to the OP.
    

Not sure how we missed that feature in SREG. Our bad.

  
Moving forward, we'd also like to support both SREG and AX, if AX is
updated to allow the privacy policy url to be included in the request.
    

Looking at what needs to be addressed in AX. Good suggestion. Ties in  
with suggestions from Nat where the response with the privacy policy  
is returned all signed by the OP.

  
I'd be happy to help contribute to SREG and AX specs if the owners of
the spec would like me to.
    

please!

_______________________________________________
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs

--
ConnectID
_______________________________________________
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs

Reply via email to