[OpenID] Anonymous, meaningless?

John Panzer jpanzer at acm.org
Thu Sep 4 18:20:37 UTC 2008 

SitG Admin wrote:
>> I daresay your concerns are completely valid (except that 512 bytes 
>> * 2000 users = 1 MB, != 1GB).
>>     
>
> I've said this before, but I suck at math :)
>
>   
>> A standard policy web email services employ is "if you don't stop by 
>> once in six months, your account is deleted".  You could perhaps do 
>> the same.
>>     
>
> Another area where I strive for (yet fail to reach) perfection in my code ;)
>
> Perhaps "if you don't stop by in 6 months, maintenance routines will 
> check your site to see if it's still up, and if there isn't an active 
> URI there anymore, your account will be presumed unrenewable and 
> removed", with several checks occurring over a period of a month just 
> to be sure the site wasn't suffering some downtime, before giving up 
> on it. (Or much sooner if the *site* was up but *that URI* wasn't 
> around anymore.) Not sure how this would interact with URI's that the 
> site would normally identify with generation fragments, though.
>   
> Come to think of it, how do generation fragments work on sites that 
> aren't offering OpenID to all their users, but where the individual 
> users are just adding their own OpenID headers to each page? How does 
> an OP determine that www.somehost.com/user is a different user than 
> it was 2 months ago, when the site permits someone else to recreate 
> with the same name so soon after deletion? I guess that would go into 
> an "OP best practices" list, to be careful about giving the same 
> generational identifier to someone who has to reset their account 
> with the OP using nothing more than "I have this URI *now*." (though 
> what being careful would *mean* in this context, I have no idea).
>   

If we had an OP (and RP) best practices document, it would be good to 
have a generally understood limit of 6 months (or whatever) so that we 
can safely recycle URIs. Especially for sites such as Blogger, where the 
URIs may or may not have been actually used as OpenIDs, it'd be good to 
have a well understood freshness limit.  (We'll use generation fragments 
of course when moving to 2.0... but there are other reasons not to 
recycle as these URIs are more than just OpenID identifiers.)

> -Shade
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>   

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20080904/d3bf38f1/attachment-0001.htm>

More information about the general mailing list