[OpenID] OpenId recycling and trust
Johnny Bufu
johnny at sxip.com
Mon Oct 1 21:39:03 UTC 2007
Tom,
On 30-Sep-07, at 12:32 AM, tom calthrop wrote:
> We have software to create a community in which people contribute. We
> identify them using OpenID. The problem is this: a person connects
> to us
> using http://tom.provider1.com, then abandons provider1.com in
> favor of
> provider2.com. Provider1.com then frees the account and another person
> registers with them who is then given the same URL. They then
> connect to
> our community and automatically become the author of the original
> contributors work.
Have you looked at the "Identifier Recycling" section[1] in the
latest draft? Discussions on this topic led to a fragment-based
solution[2].
The problem you're stating is that OpenID URL Identifiers (URLs) are
not persistent. With the fragment approach we've spec'ed, OpenID URL
issuers (OPs) can choose to add persistence to OpenID URL Identifiers.
XRIs offer persistent identifiers (the i-number behind an i-name), so
this can be a possible solution for you.
Johnny
[1] http://openid.net/specs/openid-
authentication-2_0-12.html#identifying
[2] http://openid.net/pipermail/specs/2007-May/001767.html
More information about the general
mailing list