>What's the use-case? If the RP doesn't care about distinguishing between users that have accounts at a site but identify themselves as such anonymously, it can reclassify them as "users that have accounts at a site", consolidating what could be a large number of identities into a single account. (This is largely a convenience for the Relying Parties, reducing database clutter but perhaps the performance hit wouldn't be noticed anyway?)
RP's may want to discriminate between users that use a "real" URI and those that only use OpenID anonymously, just as users may want to experiment with new sites using a unique (randomly generated) URI that can't be associated with their accounts elsewhere, and then use their main URI if they decide they like the RP's services. (I'm hoping that others here will volunteer their own specific use-cases or what they *could* do with such information were it asserted by an OP.) One form of discrimination could be encouraging users to have a "real" URI by giving them more features - reward them for adapting to the Web 2.0 model and using their OpenID around the web. Another could be swifter expiration of new accounts under the presumption that new users who use an anonymous URI are just experimenting with the service (this would be both a performance convenience for RP's as described above, and a complement of the encouragement more immediately above, instead *dis*-couraging users from using an anonymous URI for long-term use). (Since a user could still create multiple accounts on one or more sites and use each of them as a "real" URI; such discrimination wouldn't reduce the user's ability to compartmentalize their identity and maintain privacy.) -Shade _______________________________________________ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs