[OpenID] Recycling OpenIDs (Was: What's broken in OpenID 2.0? (IIW session))

[Dmitry Shechtman]

I don't recall this ever being proposed. I apologize in advance if it was.

What if a hash (e.g. SHA256) of the user's email addreess is used as a
canonical ID? Here are 5 reasons why this should work (off the top of
my head):

1. OpenID needs canonical IDs (duh!).
2. Email addresses rarely change.
3. Email addresses are verifiable by OPs.
4. Email addresses would remain hidden from RPs.
5. OpenID would remain decentralized.


Regards,
Dmitry
=damnian