<div>James,</div><div><br></div><div>You make a good point about using "=drummond" everyone eventually leading to out-of-date identifiers. But I think the biggest value to non-recycleable persistent identifiers is the security that losing control of that identifier cannot lead to someone else eventually spoofing your identity at an RP. That's <i>huge</i>. </div>
<div><br></div><div>The second most important value (IMO) of this is that after "=drummond" is recycled, Drummond can still either log into the RP with his i-number, or acquire a new recyclable identifier and attach it to his i-number and log in with that. I don't know how re-attaching a new i-name to an existing i-number works, or even if it does today. But it seems like a logical thing to be able to do.</div>
<div><br></div><div>The convenient, but least important IMO, is what you bring up, James, which is that others who recognize the i-name are still able to find the original owner, even if that owner doesn't own that alias any more. I don't know how to make this work, but given the two earlier points, I think achieving the first two without the third would still be hugely worthwhile.</div>
<div><br></div>--<br>Andrew Arnott<br>"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre<br>
<br><br><div class="gmail_quote">On Mon, Nov 30, 2009 at 6:01 AM, Manger, James H <span dir="ltr"><<a href="mailto:James.H.Manger@team.telstra.com">James.H.Manger@team.telstra.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div lang="EN-AU" link="blue" vlink="purple">
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D">=Drummond,</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D"> </span></p>
<p class="MsoNormal">> In any case, I feel very very strongly that whatever OpenID v.next does about identifiers,</p>
<p class="MsoNormal">> it MUST address the issue of consistent handling and mapping of persistent, non-recycleable identifiers and</p>
<p class="MsoNormal">> non-persistent, reassignable human-friendly synonyms for those identifiers.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">A “persistent, non-recycleable identifier” (eg an i-number) sounds like a useful concept, but I am always struck by how much more useful “=drummond” seems to be than whatever your i-number happens to be.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">“=drummond” (eg an i-name) is supposed to be a “non-persistent, reassignable synonym” for your i-number. However, only your i-name appears in e-mails (like this thread), your blog domain name, web pages, and other online resources. If =drummond
gets reassigned, these resources will not change so they become “wrong”. Having an i-number doesn’t seem to help here.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Perhaps these are aspects of reputation, and perhaps reputation is a special case that needs human-friendly i-names not persistent i-numbers.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">I guess accounts at online service providers that use your i-number as the account id will “fail safely” if your i-name is reassigned. Even in this situation, though, it is not clear that non-recycleable identifiers are crucial. You can
notify a service when your identifier changes, which just leaves the services you didn’t care enough about to notify that benefit from non-recycleable identifiers.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Finally, if someone has let their non-persistent, reassignable synonym lapse, are they likely to be able to (securely) reclaim their persistent, non-recycleable identifier in the future? How do you prove you own an i-number (some time after
you have stopped paying for an i-name that used to resolve to it)? I am not that familiar with i-number practises, but it sounds like an awkward business problem. Does the process for re-claiming a non-recycleable identifier (eg an i-number) become a little-known
backdoor that can undermine the security of systems?<span style="font-size:11.0pt;color:#1F497D"></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D"> </span></p><font color="#888888">
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D"> </span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D"> </span></p>
<p class="MsoNormal"><b><span lang="FR" style="color:#1F497D">James Manger</span></b></p>
</font></div>
</div>
<br>_______________________________________________<br>
general mailing list<br>
<a href="mailto:general@lists.openid.net">general@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-general" target="_blank">http://lists.openid.net/mailman/listinfo/openid-general</a><br>
<br></blockquote></div><br>