On 6/11/07, Josh Hoyt <[EMAIL PROTECTED]> wrote:
On 6/8/07, David Fuelling <[EMAIL PROTECTED]> wrote: > If in 50 years, a given canonical URL domain goes away, then couldn't a > given OpenId URL owner simply specify a new Canonical URL in his XRDS doc? If I understand the way that David Recordon and Drummond are proposing that canonical identifiers work, this is not the case. The canonical identifier is the sole database key, and the URL that the user enters and everyone sees is reassignable and (to a certain extent) ephemeral. Control of the canonical identifier is necessary and sufficient to assert one's identity.
Yes, I think that's what is intended. However, there doesn't appear to be any mechanism (aside from the proposal "saying so") to enforce that the canonical identifier is the root key. Seems like somebody could arbitrarily switch their canonical id to a different canonical id, so long as the person doing the switching controls a regular OpenID and its XRDS file that specifies the canonical id. Am I missing something there?
_______________________________________________ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs