On 6/20/07, Chris Drake [EMAIL PROTECTED] wrote:
You've got 6 points under the use cases, but it's really just 1 use
case, and then 5 consequences [of] recycling.
I was trying to precisely define the identifier recycling problem to
which people are discussing a solution. Feel free to correct the
structure if you have a better presentation, or to add more depth to
the problem description.
Is there room on your Wiki for opposition? It's only going to take
one screwup and an angry victim someplace and the whole recycling
issue could bankrupt someone in the prevailing identity theft
lawsuit.
There is certainly room for opposition, but I tried to frame this
issue with a minimum of bias, and I hope that anyone who contributes
to the wiki will try to do the same. That is, I encourage you to add
or correct anything that's there (it's a wiki, after all), but please
add a section arguments against identifier recycling or similar, so
that the whole context is preserved.
Why would any responsible Identity provider want to give a past
identity to a new person, and why would we want to encourage this
misbehavior by supporting it ?
I think there is a big difference between giving someone an *identity*
and giving them an *identifier.* I know that LiveJournal recycles
names, and so do other large sites. I think it's more a matter of
whether we acknowledge that this is going to happen and try to come up
with something that will work for users and site operators or pretend
that it's not going to happen and deal with the consequences.
That said, I'm mostly trying to collect the whole community's
viewpoints into one document to aid in the decision process rather
than pushing a particular agenda.
Josh
___
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs
