On 18/04/07, David Gerard <dgerard(a)gmail.com> wrote:
I was going to
suggest we could publish some user db data with yet
another hashing layer, but we can't. We sure have too many users with a
one-letter password.
But don't worry. Users table are so small that Brion can save them under
his pillow ;-)
Let's assume Brion is 100% trustworthy with personal information (I
think we can actually assume this is true). The WMF is eaten by
invading Martian badgers.
* How much work to verify any person is who they say they are?
* Who does he give the results to?
In the second case, a public list of "this old-userID is this OpenID"
would be something that wouldn't violate a confidence - if each person
made the match by logging in and submitting the OpenID they wanted to
correlate and publicise for credit.
Confirmed email addresses would be a good start. I'm assuming here
that by the vast majority of "heavy users" have a confirmed email
address, and many of the others have an unconfirmed one; using that as
part of the verification would seem the most obvious first step.
--
- Andrew Gray
andrew.gray(a)dunelm.org.uk