Dealing with renames
xageroth at gmail.com
Mon May 30 07:35:38 PDT 2005
> The only way I can see to deal with this is to require the user to go
> back and delete any OpenID accounts associated with their identity.
> Whether this is possible will depend on the consumer, though. Some sites
> will be unable to do that and will instead have to dis-associate the URL
> while keeping the account around in order to keep the database
> constraints satisfied.
Why not push a dis-associate message? If every site requires a
verification with the identity host, the identity host will have a
list of all sites which believe X identifier is X person. As soon as
that is no longer true, such as an account deletion, the identity host
can push a message to all sites on the list requesting a disconnect.
For particularly strict identity hosts, it can be the case that a
re-issued account can not register verification with a site until the
identity host can successfully recieve back a message stating that the
previous owner associations have been discarded.
More information about the yadis