Wrt to the problems we're trying to solve, I think that we should define a (C) (which is similar to (A), yet instigated by the user and doesn't trigger an RP recycle) and a (D). <br><br>In summary: <br><br>A) Identifier recycling normally in large user-base deployments.
i.e.<br><insert big company> needs a way to give 'TheBestUsernameEver' to a new<br>user if it has not been used in some period of time.<br><br>B) Losing control of your own domain name whether that be via someone
<br>stealing it or just that you don't want to have to pay for it forever.<br><br>C) If I change my OP (i.e., I start using an OpenId with a different URL), I should still be able to use all of my existing RP accounts with my new OP, and prevent my old OP from making assertions for me moving forward.
<br><br>D) Publicly displayed OpenID's should be distinguishable from one owner to the next. <br><br>IMHO, Canonical ID's seem to solve (A), (B - to some degree - the canonical URL might get lost, but this could be mitigated), and (C), whereas Fragments solve (A) and (D), so why not use both? Plus, (B) can be solved via AX using private tokens that only an OP, the User, and an RP know (see my previous post, but make the tokens private).
<br><br>Side Note: Can't an OP use canonical URL ID's today without adjusting the current 2.0 spec? It seems like the proposal is just a Yadis adjustment.<br><br>David<br><br><div><span class="gmail_quote">On 6/8/07,
<b class="gmail_sendername">Recordon, David</b> <<a href="mailto:drecordon@verisign.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">drecordon@verisign.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
I'm not sure if we all think we're trying to solve the same problem.<br>The two problems that have been discussed are:<br>A) Identifier recycling normally in large user-base deployments. i.e.<br><insert big company> needs a way to give 'TheBestUsernameEver' to a new
<br>user if it has not been used in some period of time.<br>B) Losing control of your own domain name whether that be via someone<br>stealing it or just that you don't want to have to pay for it forever.<br><br>Have we made a decision as to if we're looking for a solution to solve
<br>both of these problems, only A, or only B?<br><br>--David<br>_______________________________________________<br>specs mailing list<br><a href="mailto:specs@openid.net" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
specs@openid.net</a><br><a href="http://openid.net/mailman/listinfo/specs" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
http://openid.net/mailman/listinfo/specs</a><br></blockquote></div><br>