[OpenID] Recycling OpenIDs (Was: What's broken in OpenID 2.0? (IIW session))
Allen Tom
openid at allentom.com
Mon May 14 05:23:34 UTC 2007

Hi Dmitry,

This proposal won't work for OPs that offer both email and OpenID. For
instance, my AOL OpenID and AOL email are both based on my AOL ScreenName.
If and when my AOL ScreenName gets recycled, both my email and my OpenID
would be given to a new owner.

#3 is a good idea. I do think that by default, OPs that offer OpenID and
Email should decouple the email/IM address from the OpenID to help
shield users from spam and spim issues.

Thanks,
Allen

> I don't recall this ever being proposed. I apologize in advance if it was.
>
> What if a hash (e.g. SHA256) of the user's email address is used as a
> canonical ID? Here are 5 reasons why this should work (off the top of
> my head):
>
> 1. OpenID needs canonical IDs (duh!).
> 2. Email addresses rarely change.
> 3. Email addresses are verifiable by OPs.
> 4. Email addresses would remain hidden from RPs.
> 5. OpenID would remain decentralized.
>
>
> Regards,
> Dmitry
> =damnian
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
>