Registration - 2.1 policy_url SHOULD be displayed?

Issue #653 wontfix
Nat Sakimura created an issue

Current:

{{{ policy_url OPTIONAL. A URL location that the Relying Party Client provides to the End-User to read about the how the profile data will be used. The OpenID Provider SHOULD display this URL to the End-User if it is given. }}}

The last sentence says "The OpenID Provider SHOULD display this URL to the End-User if it is given." I think it should be MUST. At least, by making it MUST, we can help the world a bit.

Comments (3)

  1. Nat Sakimura reporter

    Perhaps keeping it as SHOULD and stating in the privacy consideration that, in many jurisdictions where the service is being offered (without respect to where the server is located), it would be illegal not to show it.

  2. Michael Jones

    It was decided at the 22-Oct-12 working group meeting at Google that we will leave this as a SHOULD. Justin added that if you can't trust the source of the privacy URL, it doesn't add any value.
