Dealing with renames
Martin Atkins
mart at degeneration.co.uk
Mon May 30 06:52:43 PDT 2005

Karl Koscher wrote:
>
> For example, we have a few sites that are restricted to a certain set of
> LiveJournal users. If they rename, they'll no longer be able to access
> those sites. Worse, if someone with access to the site deletes their
> account, and has their account purged, other users will be able to
> rename to that old account name and be able to access the site. There
> are hacks that'll work for LiveJournal (fetch their userinfo and check
> their userid), but not in general.
I think the renaming in itself isn't a major problem. Just as good URLs
tend to die (as much as we wish they wouldn't) people's OpenID
identities will die from time to time as well. Those who are prepared
will arrange for their old ID to redirect, others will just have to get
a new ID and hope that everyone believes they are still them. Whether
consumers are expected to update their records where a site responds
with a Permanent Redirect response code is an interesting point, but I
think that's just one of those things that everyone's going to end up
doing differently.

The main problem, which you mentioned briefly here, is that LiveJournal,
and most probably other sites as well, will allow new users to replace
deleted accounts with the same name. This causes enough confusion on
LiveJournal itself: people create links to journals which are later
owned by someone else. It'll cause even more trouble here because the
new user will have access to everything the old user had access to.

The only way I can see to deal with this is to require the user to go
back and delete any OpenID accounts associated with their identity.
Whether this is possible will depend on the consumer, though. Some sites
will be unable to do that and will instead have to dis-associate the URL
while keeping the account around in order to keep the database
constraints satisfied.

Re-using accounts isn't a particularly clean thing to do anyway, but
it's inevitable that it'll happen even if LiveJournal were to stop
allowing it. I expect this will be one of those things that will have to
be solved socially rather than with software.
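The disassociation approach described in the message above, sketched as an added example (not part of the original message or of any OpenID consumer's code): the consumer keeps the account row so existing foreign keys stay valid, but clears the identity URL and revokes access, so a later owner of the same name gets a fresh account. The schema, function names, and identity URL are assumptions made for illustration.

```python
import sqlite3

def open_store():
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # enforce the REFERENCES clauses
    db.executescript("""
        CREATE TABLE account (id INTEGER PRIMARY KEY,
                              identity_url TEXT UNIQUE);  -- NULL once disassociated
        CREATE TABLE post (id INTEGER PRIMARY KEY, body TEXT NOT NULL,
                           account_id INTEGER NOT NULL REFERENCES account(id));
        CREATE TABLE site_acl (account_id INTEGER NOT NULL REFERENCES account(id));
    """)
    return db

def login(db, url):
    """Map an already-verified identity URL to a local account, creating one if needed."""
    row = db.execute("SELECT id FROM account WHERE identity_url = ?", (url,)).fetchone()
    if row:
        return row[0]
    return db.execute("INSERT INTO account (identity_url) VALUES (?)", (url,)).lastrowid

def disassociate(db, account_id):
    """Owner-requested unbind: drop the URL and access, keep the row for old posts."""
    db.execute("UPDATE account SET identity_url = NULL WHERE id = ?", (account_id,))
    db.execute("DELETE FROM site_acl WHERE account_id = ?", (account_id,))

def has_access(db, account_id):
    row = db.execute("SELECT 1 FROM site_acl WHERE account_id = ?", (account_id,)).fetchone()
    return row is not None

def demo():
    db = open_store()
    url = "http://exampleuser.livejournal.example/"  # constructed identity URL
    old = login(db, url)
    db.execute("INSERT INTO site_acl (account_id) VALUES (?)", (old,))
    db.execute("INSERT INTO post (body, account_id) VALUES ('hello', ?)", (old,))
    disassociate(db, old)
    try:  # a hard delete is refused: the old post still references the row
        db.execute("DELETE FROM account WHERE id = ?", (old,))
        delete_refused = True and False
    except sqlite3.IntegrityError:
        delete_refused = True
    new = login(db, url)  # later owner of the re-registered name
    return {"old": old, "new": new, "delete_refused": delete_refused,
            "new_has_access": has_access(db, new)}

if __name__ == "__main__":
    print(demo())
```

This only helps when the original owner disassociates before giving up the name; the consumer cannot tell on its own that the identity URL has changed hands.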