Specifying identifier recycling
Dick Hardt
dick at sxip.com
Mon Jun 4 15:44:55 UTC 2007
On 4-Jun-07, at 7:51 AM, Granqvist, Hans wrote:
>> So I ask again - does anyone see any issues with the
>> fragments being used like this:
>>
>> http://openid.net/pipermail/specs/2007-May/001767.html
>>
>
> Seems reasonable in essence. But it adds complexity and
> removes some immediacy of URL identifiers-as-is.
>
> Do fragments need special handling just to handle id
> recycling risks?
>
> I'm probably missing some context, but can't the issuing OP
> make sure to issue unique IDs, like http://example.com/user1234
> instead of http://example.com/user#1234 ?
Just to clarify the issue:
Users like to have memorable usernames, and likely memorable OpenIDs.
So http://example.com/hans would be a desirable URL at example.com.
For OPs with literally 100Ms of users, http://example.com/hans would
be a coveted URL and if it is not being used, example.com would like
to issue it to someone else.
I think the tradeoff of RPs understanding to strip fragments when
displaying them is worth removing a barrier for very large OPs from
joining OpenID.
-- Dick
More information about the specs
mailing list