[OpenID] Your OpenID is destined to be your email address

SitG Admin sysadmin at shadowsinthegarden.com
Tue Mar 31 15:35:22 UTC 2009


>Remember the goal is that having bound your openid to 100 RPs, 
>should your favorite google OP suspend your account tomorrow there 
>should be NO impact on your access to 99 other RPs . If there is 
>even a modicum of impact on those 99 other relationships, it means 
>that OP had power it should not have in the UCI model.

Hmm . . . a different perspective from the business model, and one 
that I find persuasive. To maintain the users' freedom to select 
non-major OPs, we practically have a (communal) *responsibility* to 
compete.

>To retain control, use RPs that allow one to bind multiple openids 
>to the RP account ( a la plaxo ), or use the delegation mechanism 
>which gives you portability of OPs.

If ever I permit multiple OpenIDs to bind, there will be a "trial 
period" before acceptance of the new OpenID, during which ANY visitor 
authenticating as that user will be able to reject it. This should 
prevent hackers from easily adding their own account, if the trial 
period is long enough for most users to log in again during that time 
and notice the proposed change. It will not prevent hackers from 
breaking in and rejecting the legitimate proposal, so users should be 
encouraged to bind multiple OPs in advance, *before* they realize 
they need it soon/now.

-Shade
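The trial-period binding scheme described in the message above, as an added illustrative model of the RP-side logic (not code from the list or from any OpenID library; the 14-day window, the in-memory account store and the identifier names are assumptions):

```python
TRIAL_PERIOD = 14 * 24 * 3600  # assumed trial length in seconds; the post fixes none


class RPAccount:
    """One relying-party account with its bound and pending OpenIDs."""

    def __init__(self, bound):
        self.bound = set(bound)  # OpenIDs accepted for login right now
        self.pending = {}        # new OpenID -> (proposed_at, proposed_via)

    def propose_binding(self, session_openid, new_openid, now):
        """A session authenticated with an already-bound OpenID proposes a new one."""
        if session_openid not in self.bound:
            return False  # visitor is not authenticated as this user
        if new_openid in self.bound or new_openid in self.pending:
            return False  # nothing to do
        self.pending[new_openid] = (now, session_openid)
        return True

    def reject_binding(self, session_openid, new_openid):
        """ANY visitor authenticated as this user may veto a pending OpenID."""
        if session_openid not in self.bound:
            return False
        return self.pending.pop(new_openid, None) is not None

    def notices(self, now):
        """Proposals to show at every login during the trial, with seconds left."""
        return [(openid, via, proposed_at + TRIAL_PERIOD - now)
                for openid, (proposed_at, via) in self.pending.items()]

    def login(self, openid, now):
        """Accept a bound OpenID; promote a pending one only once its trial is over."""
        if openid in self.bound:
            return True
        entry = self.pending.get(openid)
        if entry is None or now - entry[0] < TRIAL_PERIOD:
            return False  # still in trial: the proposal cannot be used to log in yet
        del self.pending[openid]
        self.bound.add(openid)  # trial ended with no rejection: binding accepted
        return True
```

Because a pending OpenID cannot log in until the window closes, an attacker who adds one gains nothing unless every legitimate login during the trial overlooks the notice.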