Specifying identifier recycling
Martin Atkins
mart at degeneration.co.uk
Fri Jun 1 07:02:12 UTC 2007
Johnny Bufu wrote:
>
> We did look at this (with Drummond) in December. The bottom line is
> that it can't be done easily - a mechanism similar to XRI's canonical
> ID verification would have to be employed, to confirm that the i-
> number actually 'belongs' to the URL on which discovery was
> initiated. (Otherwise anyone could put any i-number in their URL-
> based XRDS files.)
>
Indeed, CanonicalID verification would be necessary, but it's already
necessary if you want to accept XRI-based logins anyway.
Last time we were talking about this CanonicalID verification for XRI
was not yet specified. Is it now specified somewhere?
More information about the specs
mailing list