[OpenID] Using Account Creation Date to preempt recycleable OpenID's in v.next

John Panzer jpanzer at google.com
Sun Dec 6 20:32:57 UTC 2009 

It's only and precisely the 'pretty' identifiers that need recycling.
We have an infinite number of ugly urls.

On Sunday, December 6, 2009, Peter Watkins <peterw at tux.org> wrote:
> On Thu, Dec 03, 2009 at 08:07:46AM +0530, Santosh Rajan wrote:
>
>> 2) Unfortunately fragments just don't look good when printed.
>
> Have you seen the identifiers returned by Google's and Yahoo's
> directed identity OP services? :-)
>
> I think *most* users don't care about "attractive" identifiers
> (just as most motorists don't care what their license plate
> numbers are) -- they see OpenID primarily as a way of avoiding
> setting up additional login accounts on the Web. Those that do
> care about having pretty identifiers buy iNames or set up
> discovery on their blogs, etc.
>
> Leah, are you reading this? Can you give any stats on directed
> identity vs. users entering their own specific identifiers?
>
>> If there are privacy concerns for using the account creation date i am open
>> to using some thing else instead. But the idea was to avoid fragments by
>> adding an extra parameter in the protocol, rather than in AX.
>
> I think you are reading too much into this attribute. It's quite
> conceivable that we might start acting as an OP for our residents (I
> work for a city government that currently only acts as an RP**). It's
> also conceivable that we might delete accounts after a period of
> inactivity or after an individual moves out of the city -- let's say
> John Doe works for the US State Department and moves out for a 3-year
> foreign assignment, and that means we delete his account.
>
> What happens when Mr Doe moves back? We might decide that his new
> account should have the same identifier that his old account had 3
> years ago. We know it's the same user because he came to City Hall
> and showed appropriate ID. But your RP, fixated on "account creation
> time" apparently would treat him as a stranger even though we send
> you the same identifer (plus fragment) as before.
>
> The most important thing for the RP isn't when an account was created,
> it's whether it's the same individual. OPs are in a much better
> position to make that decision.
>
> -Peter
>
> ** I can easily see us acting as an OP supporting AX so that other
> sites can leverage our ability & willingness to verify things like
> residency status.
>
> _______________________________________________
> general mailing list
> general at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-general
>

-- 
--
John Panzer / Google
jpanzer at google.com / abstractioneer.org / @jpanzer

More information about the general mailing list