Dealing with renames

Martin Atkins mart at
Mon May 30 08:48:44 PDT 2005

Xageroth Sekarius wrote:
> If every site requires a verification with the identity host, the identity
 > host will have a list of all sites which believe X identifier is
 > X person.

This assumption is false. There is no requirement for an identity server 
to retain a list of every site it has asserted to. Some identity servers 
retain no user information whatsoever (such as the LID and TypeKey 
proxies), and others only retain a list of sites which will be 
automatically approved without confirmation (for example LiveJournal).

Even if this were possible, a user could have logged in to thousands of 
web sites. It would be a major undertaking to notify all of them in the 
event of account deletion. LiveJournal in particular purges deleted 
accounts in a batch job, so that massive undertaking would apply for 
every account that has been marked as deleted for more than 30 days at 
the time the job is run. In order to be reliable, any sites which aren't 
available would have to be queued for a retry later. It's just not feasible.

(For those that aren't familiar, LiveJournal's "delete" feature really 
just hides the content until a purge job is run later which truly does 
remove the stored journal content and finalizes the delete. Users 
routinely delete and undelete journals in after arguments with friends, 
temper tantrums and other such drama.)

More information about the yadis mailing list