0

Warning: www.showzey.com has not forwarded their Privacy Policy

Hi,
We are implementing OpenID protocol for our site http://www.showzey.com. Everything seems to work, except that users are getting the following warning:
"Warning: www.showzey.com has not forwarded their Privacy Policy"

What should we do to eliminate this warning? Should we add something to our XRDS document? Or we need to register our site with Yahoo! and provide our privacy policy?

Thanks,
Senad

by
4 Replies
  • I would love it if Yahoo would put that above my OpenId request - as that would mean I'd be receiving an email address along with the login.

    Could you tell me which parameters you send to Yahoo in order to get this information?

    I use Yahoo! OpenId to let ppl login on http://www.ilikealot.com/ - and I'm only getting the OpenId Identifier back in the after-authorization response..

    As for how to remove the message / forward privacy information to Yahoo - I don't know.
    0
  • QUOTE (Dizdar S @ Sep 26 2009, 10:50 AM) <{POST_SNAPBACK}>
    Hi,
    We are implementing OpenID protocol for our site http://www.showzey.com. Everything seems to work, except that users are getting the following warning:
    "Warning: www.showzey.com has not forwarded their Privacy Policy"

    What should we do to eliminate this warning? Should we add something to our XRDS document? Or we need to register our site with Yahoo! and provide our privacy policy?

    Thanks,
    Senad


    I am getting the same message for my domain. How do you forward your Privacy Policy?
    0
  • Sites using Attribute Exchange or Simple Registration (to get the user's email address, etc) must include the site's privacy policy url in the openid.sreg.policy_url request parameter, as documented in Section 3 of the Simple Registration spec:

    http://openid.net/specs/openid-simple-regi...ion-1_1-01.html

    Unfortunately, the authors of the Attribute Exchange spec forgot to include the Privacy Policy request parameter in the Attribute Exchange 1.0 spec, so you'll still need to use SREG to pass us the privacy policy, even if you're using AX. The next version of the AX spec will include a way for sites to include their privacy policy.

    The privacy policy URL must be contained within the openid.realm of the request, and must also return HTTP 200. (The Yahoo OP will fetch the privacy policy to make sure that it's a valid page)
    0
  • Ok, I've added the openid.sreg.policy_url to my auth request, looked at showzey.com's request and mimicked everything I saw in there to see if that would magically unlock the profile information to me. But no, it doesn't.

    It seems that showzey.com could get rid of that message if only he'd add the openid.sreg.policy_url parameter, but how do get users to send me their email address when they login through Yahoo?

    Any suggestions are appreciated, and rewarded with beer (if you live in the Aalborg, Denmark area).
    0

Recent Posts

in OpenID General Discussion