[OpenID] OpenId recycling and trust
Christopher St John
ckstjohn at gmail.com
Sun Sep 30 14:55:54 UTC 2007
On 9/30/07, tom calthrop <tom at barnraiser.org> wrote:
> The problem is this: a person connects to us
> using http://tom.provider1.com, then abandons provider1.com in favor of
> provider2.com. Provider1.com then frees the account and another person
> registers with them who is then given the same URL. They then connect to
> our community and automatically become the author of the original
> contributors work.
>
It isn't an answer for less sophisticated users, but the idea is that you
always use a domain you control as your openid url, then use a
redirection to point to the openid service that you're using. So it's
invisible when you switch from provider1 to provider2.
It reduces the problem from "provider1 that is outside my control
has recycled my account" to "keep control of my own domain".
-cks
--
Christopher St. John
http://artofsystems.blogspot.com
More information about the general
mailing list