[OpenID] Reuse of expired identities?
Eric Norman
ejnorman at doit.wisc.edu
Sun Aug 12 22:07:29 UTC 2007
On Aug 12, 2007, at 10:07 AM, Peter Williams wrote:
> URLs are DNS-based. When URLs are used as persistent identifiers,
> the expiration of domain names allows someone who buys a domain name
> to assume any identities that are tied to that domain name.
I don't think this is quite accurate. It allows someone else to
"own" the identifier, sure. But that doesn't mean they can assume
your identities unless (1) the URL still resolves to your OP, and
(2) the new owner can prove that they now control that linkage.
I think what it really boils down to is whether or not the new
URL owner can obtain control of the old OP or obtain a copy of
its contents.
Eric Norman
http://ejnorman.blogspot.com
More information about the general
mailing list