Josh Hoyt wrote: > On 6/8/07, David Fuelling <[EMAIL PROTECTED]> wrote: >> If in 50 years, a given canonical URL domain goes away, then couldn't a >> given OpenId URL owner simply specify a new Canonical URL in his XRDS doc? > > If I understand the way that David Recordon and Drummond are proposing > that canonical identifiers work, this is not the case. The canonical > identifier is the sole database key, and the URL that the user enters > and everyone sees is reassignable and (to a certain extent) ephemeral. > Control of the canonical identifier is necessary and sufficient to > assert one's identity. >
Presumably the recommendation would be to have several identifiers attached to a single account just as is recommended today. I would point most of my identifiers at one canonical identifier but retain one or more special "backup identifiers" that do not point at my "persistent" identifier so that I can reclaim my account if my persistent identifier goes away. Changing the CanonicalID on a particular identifier won't work unless the new CanonicalID URL is also associated with your RP account(s). _______________________________________________ specs mailing list [email protected] http://openid.net/mailman/listinfo/specs
