[OpenID] Recycling OpenIDs (Was: What's broken in OpenID 2.0? (IIW session))
Martin Atkins
mart at degeneration.co.uk
Mon May 14 01:05:46 UTC 2007
damnian wrote:
> I don't recall this ever being proposed. I apologize in advance if it was.
>
> What if a hash (e.g. SHA256) of the user's email address is used as a
> canonical ID? Here are 5 reasons why this should work (off the top of
> my head):
>
> 1. OpenID needs canonical IDs (duh!).
> 2. Email addresses rarely change.
> 3. Email addresses are verifiable by OPs.
> 4. Email addresses would remain hidden from RPs.
> 5. OpenID would remain decentralized.
>
But email addresses get recycled too!
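
Added example, not part of the original thread: a minimal relying-party model showing why a recycled address defeats a hash-of-email canonical ID, since the new holder of the address produces the same hash and is handed the old account. The `RelyingParty` class, the sample address, the lowercasing step, and the `generation_id` variant (an OP-side reassignment counter mixed into the hash) are assumptions made for illustration.

```python
import hashlib


def canonical_id(email: str) -> str:
    """The quoted proposal: SHA-256 of the e-mail address.
    Trimming and lowercasing are an added assumption to keep the ID stable."""
    return hashlib.sha256(email.strip().lower().encode("utf-8")).hexdigest()


def generation_id(email: str, generation: int) -> str:
    """Hypothetical variant: the OP mixes in a counter it bumps each time
    the address is reassigned to a different person."""
    data = f"{generation}:{email.strip().lower()}".encode("utf-8")
    return hashlib.sha256(data).hexdigest()


class RelyingParty:
    """Hypothetical RP that keys accounts on the canonical ID the OP asserts."""

    def __init__(self):
        self.accounts = {}

    def login(self, cid: str, display_name: str) -> dict:
        # First sight of an ID creates the account; later logins reuse it.
        return self.accounts.setdefault(cid, {"owner": display_name})


def simulate(id_for_holder):
    """Two successive holders of one address log in to the same RP.
    Returns the account record each of them receives."""
    rp = RelyingParty()
    email = "alice@mail.example"  # constructed sample address
    first = rp.login(id_for_holder(email, 0), "first holder")
    # The mailbox is recycled; the OP verifies the new holder's control of it.
    second = rp.login(id_for_holder(email, 1), "second holder")
    return first, second


def recycled_plain():
    # Plain hash ignores who holds the address, so the generation is unused.
    return simulate(lambda email, generation: canonical_id(email))


def recycled_generation():
    return simulate(generation_id)


if __name__ == "__main__":
    print("plain hash:     ", recycled_plain())
    print("with generation:", recycled_generation())
```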