[OpenID] Recycling OpenIDs (Was: What's broken in OpenID 2.0? (IIW session))
Eric Norman
ejnorman at doit.wisc.edu
Fri May 11 22:00:47 UTC 2007
On May 11, 2007, at 12:51 PM, Martin Atkins wrote:
> An identifier plus a timestamp alone don't really help you much,
> because
> you probably don't know at what point in time the identifier ceased to
> be one person and started to be another.
What if there were no such single point in time? What if the
ceasing and the starting were always separated (by policy) by
something like 5 years? Would that help? It is a recycling
policy thing, but it might be palatable to OP providers and
still come close to giving you what you want. The emphasis is
on "might" 'cause I really don't know.
I did want to mention, however, that just because someone stops
being associated with an identifier doesn't have to imply that
it's immediately available for someone else to snatch.
> Email addresses are in much the same situation (they're often used as
> identifiers, and they're often recycled).
Same comment.
I'm just offering this as something that might be recommended
as a best practice.
Eric Norman
More information about the general
mailing list