Proposal for Recycling Identifiers in OpenID 2.0

Allen Tom openid at allentom.com
Mon May 14 07:34:23 UTC 2007


Hi Dick,

I'm very glad to see that we're making progress in resolving the OpenID
recycling issue. 

It would seem to make sense to embed the fragment into the document
referenced by the OpenID, however in the interest of keeping the OP
discovery implementation simple and robust, I'd be in favor of adding
another parameter in the <head> of the document rather then having the
RP attempt to parse the body of the page for an <a> tag that matches the
fragment. 

In OpenID 2.0, embedding the fragment into the OpenID document might not
be necessary since the OP can just return it in the Auth Response.

It might make sense for the fragment to be a timestamp indicating when
the OpenID was first registered, perhaps even in human readable format.
For instance http://user.myopenid.com#2006-02-25 could indicate that the
OpenID http://user.myopenid.com was registered on Feb 25, 2006. 

Allen






> 
> Does the document need to contain "http://openid.op.com/user#7356"  
> for the RP to close the circle on what the OP is stating?




More information about the specs mailing list