Re: ORCID - unique identifiers for contributors

Brian E Carpenter <brian.e.carpenter@gmail.com> Mon, 16 September 2013 20:06 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CCDF911E8131 for <ietf@ietfa.amsl.com>; Mon, 16 Sep 2013 13:06:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J5-6x0RIuWoq for <ietf@ietfa.amsl.com>; Mon, 16 Sep 2013 13:06:12 -0700 (PDT)
Received: from mail-pb0-x235.google.com (mail-pb0-x235.google.com [IPv6:2607:f8b0:400e:c01::235]) by ietfa.amsl.com (Postfix) with ESMTP id 2E70911E80FC for <ietf@ietf.org>; Mon, 16 Sep 2013 13:06:12 -0700 (PDT)
Received: by mail-pb0-f53.google.com with SMTP id up15so4484838pbc.40 for <ietf@ietf.org>; Mon, 16 Sep 2013 13:06:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:organization:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=gEYLOHFxuejLIesF25vGLN/KUL3VnvYmyv/hm+wEjps=; b=dYMezW0FRdyoJzFwz6XozZ6JWOzMydrG5TsqyevqBGfiSoYP++UOxYRpxhdreEVo53 KLgI81kty6K2ZMYErgx+JsVe13Dlw83NgyUU9u4BPEpLS/NsZza+psJ/CG/FXWMaEYD8 Y7MkhHlb/qf5vt7c4/xwS6FRdZ9jrUFqLrl9hsjNbuAQFMdiARRFCosQG79jjp84t2Nc jCc4qY5b1TNVIhhJWoyyHc7nFghr3QhPByLc5fJSn/rz8ia2DaSw3uIrTR8acx9WDh5N ox62kxDQkNyWZVZ95DB0W1FRGCJ0/6uf/TIYJOoniM35uhG/iUFnLKxUyQGEQGs8oA8b EWcg==
X-Received: by 10.66.182.36 with SMTP id eb4mr5062136pac.125.1379361971838; Mon, 16 Sep 2013 13:06:11 -0700 (PDT)
Received: from [192.168.178.20] (135.201.69.111.dynamic.snap.net.nz. [111.69.201.135]) by mx.google.com with ESMTPSA id sy10sm40636339pac.15.1969.12.31.16.00.00 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 16 Sep 2013 13:06:11 -0700 (PDT)
Message-ID: <523764AB.9070809@gmail.com>
Date: Tue, 17 Sep 2013 08:06:03 +1200
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: Andy Mabbett <andy@pigsonthewing.org.uk>
Subject: Re: ORCID - unique identifiers for contributors
References: <CABiXOE=cbpPigRbqCkZYzgKSN+yiG4HyNznF99WohLc_SByi2g@mail.gmail.com>
In-Reply-To: <CABiXOE=cbpPigRbqCkZYzgKSN+yiG4HyNznF99WohLc_SByi2g@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Cc: ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Sep 2013 20:06:13 -0000

On 17/09/2013 02:39, Andy Mabbett wrote:
> [First post here]
> 
> Hello,
> 
> I'm a contributor to RFC 6350 - but I'm listed there by name only, and
> there is nothing to differentiate me from some other Andy Mabbett (the
> problem is no doubt worse for people with less unusual family names).
> Like many such contributors, I don't want to publish my email address
> as an identifier, in case I get spammed, and if I give an affiliation
> or even the URL of my website, that may change over time.
> 
> This problem is addressed by "Open Research Contributor Identifiers"
> (ORCID; <http://orcid.org>),  UIDs (and URIs) for scientific and other
> academic authors. Mine is below.

The idea is interesting, but I don't understand the security model.

How do I know that the sender of this message actually has the right
to claim the ORCID in question (0000-0001-5882-6823)? The web page
doesn't present anything (such as a public key) that could be used
for authentication.

    Brian