[OpenID] Reuse of expired identities?

Eric Norman ejnorman at doit.wisc.edu
Sun Aug 12 22:07:29 UTC 2007


On Aug 12, 2007, at 10:07 AM, Peter Williams wrote:

> 		URLs are DNS-based. When URLs are used as persistent identifiers, 
> the expiration of domain names allows someone who buys a domain name 
> to assume any identities that are tied to that domain name.

I don't think this is quite accurate.  It allows someone else to
"own" the identifier, sure.  But that doesn't mean they can assume
your identities unless (1) the URL still resolves to your OP, and
(2) the new owner can prove that they now control that linkage.

I think what it really boils down to is whether or not the new
URL owner can obtain control of the old OP or obtain a copy of
its contents.

Eric Norman
http://ejnorman.blogspot.com




More information about the general mailing list