[OpenID] Using Account Creation Date to preempt recycleable OpenID's in v.next

Santosh Rajan santrajan at gmail.com
Wed Dec 2 04:32:12 UTC 2009


I would first of all like to apologize to all members of the community for
having made comments that have caused distress on this list. My apologies to
all members.


I am not aware if the idea of using account creation dates to preempt
recyclable identifiers has been considered before, and I thought it might
be a cheap way to preempt the problem, and worth looking into.

All accounts have a logical creation date, a time stamp that in combination
with an account identifier will be universally unique. I think all providers
save this time stamp (or at least the creation date) when the account is
created. Let us call this timestamp the "account timestamp". This timestamp
does not change through the life cycle of the identifier, and only changes
when a new account is created with the same identifier (recycled).

1) All OPs can return the account timestamp as an extra parameter with
every authentication response.
2) Every time a user logs in at an RP, the RP can verify that the timestamp
has not changed.
3) If the timestamp has changed, it means that this is a recycled identifier,
and this is a new user.



-- 
http://hi.im/santosh
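
The RP-side check from steps 2 and 3 of the message above, as an added example that is not part of the original post and not code from any OpenID library. The parameter name acct.created, its timestamp format, and the names RelyingPartyStore, Verdict and sample_response are assumptions made for illustration; the response is assumed to have already passed normal OpenID signature verification.

```python
from dataclasses import dataclass, field
from datetime import datetime
from enum import Enum

# Hypothetical parameter name: the post does not define one and no OpenID
# specification is being quoted here.
TS_KEY = "acct.created"


class Verdict(Enum):
    FIRST_SEEN = "first_seen"      # no binding yet: create the local account
    SAME_ACCOUNT = "same_account"  # timestamp unchanged: existing user
    RECYCLED = "recycled"          # timestamp changed: treat as a new user
    UNVERIFIABLE = "unverifiable"  # timestamp absent, unsigned or malformed


def sample_response(created, signed="claimed_id,acct.created"):
    """Constructed response fields for illustration, not captured traffic."""
    return {"openid.claimed_id": "https://op.example/alice",
            "openid.signed": signed, "openid." + TS_KEY: created}


@dataclass
class RelyingPartyStore:
    # claimed identifier -> account timestamp recorded at first login
    bindings: dict = field(default_factory=dict)

    def check(self, response: dict) -> Verdict:
        """Apply steps 2 and 3 to an already signature-verified response."""
        claimed_id = response["openid.claimed_id"]
        signed = response.get("openid.signed", "").split(",")
        raw = response.get("openid." + TS_KEY)
        # A value outside the OP's signed field list could have been altered
        # in transit, so it cannot vouch for anything.
        if raw is None or TS_KEY not in signed:
            return Verdict.UNVERIFIABLE
        try:
            ts = datetime.strptime(raw, "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            return Verdict.UNVERIFIABLE
        known = self.bindings.get(claimed_id)
        if known is None:
            self.bindings[claimed_id] = ts
            return Verdict.FIRST_SEEN
        if ts == known:
            return Verdict.SAME_ACCOUNT
        # Keep the old binding: the previous local account has to be detached
        # from the identifier before the new owner is enrolled.
        return Verdict.RECYCLED
```

An RP that gets UNVERIFIABLE for an identifier it already has a binding for has lost the protection for that login and should decide explicitly whether to refuse it or fall back to its existing behaviour.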