+1
On Jan 27, 2009, at 6:30 PM, Allen Tom wrote:
I agree with Martin. I believe that AX is the correct solution in
the long run, but given that there appears to be more SREG
implementations currently in the wild, we should update it to make
it useful for sites that want to use it.
The other factor is that our lawyers feel very strongly that the
user should have the opportunity to read the RP's privacy policy
before authorizing any data exchange, and only SREG has the ability
to do this automatically. The alternative would be to use OAuth, and
require RPs to pre-register with Yahoo and provide their privacy
policy and/or agree to a ToS before using our OP.
Allen
Martin Atkins wrote:
I agree that having both is not ideal, but I also feel strongly
that we need to have a good SREG 1.1 spec because in practice today
there are lots of SREG implementations and it is important to be
able to interoperate with them even if in the long term we'd like
to move to AX.
This is, incidentally, why I was previously proposing forming an
SREG group whose task is *only* to fix the spec to reflect current
practice. This should encourage SREG interop in the short term
while new developments to AX will encourage a move to AX in the
longer term.
_______________________________________________
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs
_______________________________________________
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs