URL relationship permanence

Xageroth Sekarius xageroth at gmail.com
Thu Jun 30 02:20:50 PDT 2005


How is OpenID portable exactly?

There is no usage of internal UUIDs so the only identifier in use is
the one supplied by a URL. I'm confused with how you can build a
relationship with something that was never built to be permanent. I
vaguely remember discussions early on in this list about this issue
but refresh my memory as to why I'm wrong in my thinking.

Let's say there's a user, we'll call him Zack Morris, who runs his own
site which is both his OpenID URL and his OpenID server.

OpenID:  http://zack-morris.com/

Zack uses this to visit a very popular message board at
http://somethingwonderful.com/.
He posts there for several months, gets accolades, and eventually he's
a board moderator. People depend on him to keep the boards in shape.

Now what if Zack loses control over that URL somehow? (I shouldn't
have to explain how that's possible, but here's one way:) He forgets
to pay the bills, his credit card was maxed or expired, and the domain
didn't renew and was quickly snatched up by someone else.

What prevents the new owner of zack-morris.com from searching the
internet for previously established relationships to that URL? What
prevents this user from stumbling across the somethingwonderful.com
boards and wreaking havoc on a community? Not only damaging a site but
also damaging the real Zack Morris' good reputation since the
relationship is bound to the URL, not the user.

Worse yet, what if Zack buys back his domain after much hardship only
to find all over the place he's being called a spammer, a scammer, or
even "preppy?" His re-setup OpenID server is useless because it's been
banned from every place he goes.

If an internal db was used, where URLs resolved to a fingerprint or
UUID of some kind, this wouldn't be an issue and the URL would simply
be a vanity. It would even make the ID truly portable if the protocol
supported the transfer of a UUID to another provider along with
previous trust relationships expressed in an XML format or such.

Maybe I'm forgetting something simple and you guys can feel free to
slap sense into me... but treat me as you would anyone else with my
criticisms, because I certainly won't be the only one to wonder this.
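
Added example, not part of the original post and not OpenID or YADIS code: a toy relying party that keys accounts on the URL alone, next to one that pins the URL to a fingerprint at first login, run through the lapsed-domain scenario above. The class names, the `move` operation and the idea that the identity server presents a long-lived key are assumptions made for illustration; the keys are constructed sample values.

```python
import hashlib

def fingerprint(server_key: bytes) -> str:
    # Assumption: the identity server presents a long-lived public key.
    return hashlib.sha256(server_key).hexdigest()

class UrlOnlyBoard:
    """Accounts keyed on the claimed URL alone, as in the scenario above."""
    def __init__(self):
        self.roles = {}                      # url -> role
    def login(self, url, server_key):
        return self.roles.setdefault(url, "member")  # key is never checked
    def promote(self, url):
        self.roles[url] = "moderator"

class PinnedBoard:
    """Accounts keyed on a fingerprint; the URL is only a pointer to it."""
    def __init__(self):
        self.pins = {}                       # url -> fingerprint pinned at first login
        self.roles = {}                      # fingerprint -> role
    def login(self, url, server_key):
        fp = fingerprint(server_key)
        if self.pins.setdefault(url, fp) != fp:
            return None                      # same URL, different key: refuse
        return self.roles.setdefault(fp, "member")
    def promote(self, url):
        self.roles[self.pins[url]] = "moderator"
    def move(self, new_url, server_key):
        """Portability: a known fingerprint claims a new, unpinned URL."""
        fp = fingerprint(server_key)
        if fp in self.roles and new_url not in self.pins:
            self.pins[new_url] = fp
            return self.roles[fp]
        return None

def scenario(board):
    url = "http://zack-morris.com/"
    zack, new_owner = b"constructed key A", b"constructed key B"
    board.login(url, zack)
    board.promote(url)
    # The domain lapses; a different party now answers for the same URL.
    return board.login(url, new_owner)

if __name__ == "__main__":
    print("URL only:", scenario(UrlOnlyBoard()))
    print("pinned:  ", scenario(PinnedBoard()))
```

With the URL-only board the new domain owner inherits the moderator role; with the pinned board the login is refused, and the original key holder can still attach the account to a different URL.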

