[OpenID] What's broken in OpenID 2.0? (IIW session)

Allen Tom openid at allentom.com
Fri May 11 01:54:00 UTC 2007


Hi Terry,

An owner of an OpenID *should* delete their content before losing
control of their OpenID, but there are many scenarios in which the new
owner would not want to see the previous owner's content if it has not
been cleaned up before the ownership change.

Consider the following scenario:

A user unknowingly is issued a recycled OpenID by their OP, and then
uses that OpenID to access a photo sharing site like Zooomr where the
previous owner had uploaded photos that the new owner finds offensive.
After signing into Zooomr for the first time, the new owner sees the
offensive photos and freaks out. So what happens next?

- The user freaks out, gets a lawyer, and sues the RP and OP

- The photos get leaked to the net, embarrassing the original owner

- The original owner gets a lawyer and sues the RP, OP, and the new user
for leaking the photos

- The original owner also goes to jail because the photos also happen to
be illegal in some locales, even though the photos were marked as private

- The RP can't afford the legal bills and shuts down. The OP shuts down
their OpenID service, and the lawyers make lots of money.

This is just one of many possible scenarios illustrating why OpenID must
resolve the recycling issue. Although one could argue that users should
clean up their data before losing their OpenID, it's unreasonable to
expect this to always happen. The protocol should address the recycling
issue natively without relying on an extension.

Allen

> The (one-time) owner of the OpenID URL is responsible for deleting  
> any content associated with that id before they lose control over the  
> id.


 


