there would appear to be an opportunity here for some drop-dead simple
cross-protocol harmonization by the larger community agreeing on the
definition of these sorts of privacy policy identifiers by which a
requestor indicates its privacy commitments and the authority any
obligations. Define the various URIs and the associated semantics, and
leave it to the particular protocols or metadata formats to define
bindings.

Liberty took a first stab [1] a while back, but had/has no expectation
that the work would be meaningful if used only for Liberty/SAML
protocols.

[1] - http://www.projectliberty.org/liberty/content/download/4323/28921/file/draft-liberty-igf-privacy-constraints-v1.0-04.pdf

paul

Dick Hardt wrote:
> On 2-Dec-08, at 3:41 PM, Allen Tom wrote:
> > We decided to build support for SREG before AX because SREG seems to
> > be more widely used, and also because SREG allows the RP to pass the
> > url to its privacy policy in the request. Strangely, AX does not
> > have an interface for the RP to pass its privacy policy to the OP.
>
> Not sure how we missed that feature in SREG. Our bad.
>
> > Moving forward, we'd also like to support both SREG and AX, if AX is
> > updated to allow the privacy policy url to be included in the
> > request.
>
> Looking at what needs to be addressed in AX. Good suggestion. Ties in
> with suggestions from Nat where the response with the privacy policy
> is returned all signed by the OP.
>
> > I'd be happy to help contribute to SREG and AX specs if the owners
> > of the spec would like me to.
>
> please!
>
> _______________________________________________
> specs mailing list
> specs@openid.net
> http://openid.net/mailman/listinfo/specs