Dealing with renames
Martin Atkins
mart at degeneration.co.uk
Mon May 30 08:48:44 PDT 2005
Xageroth Sekarius wrote:
>
> If every site requires a verification with the identity host, the identity
> host will have a list of all sites which believe X identifier is
> X person.
This assumption is false. There is no requirement for an identity server
to retain a list of every site it has asserted to. Some identity servers
retain no user information whatsoever (such as the LID and TypeKey
proxies), and others only retain a list of sites which will be
automatically approved without confirmation (for example LiveJournal).
Even if this were possible, a user could have logged in to thousands of
web sites. It would be a major undertaking to notify all of them in the
event of account deletion. LiveJournal in particular purges deleted
accounts in a batch job, so that massive undertaking would apply for
every account that has been marked as deleted for more than 30 days at
the time the job is run. In order to be reliable, any sites which aren't
available would have to be queued for a retry later. It's just not feasible.
(For those that aren't familiar, LiveJournal's "delete" feature really
just hides the content until a purge job is run later which truly does
remove the stored journal content and finalizes the delete. Users
routinely delete and undelete journals in after arguments with friends,
temper tantrums and other such drama.)
More information about the yadis
mailing list