Comment 50 for bug 1169

BUGabundo: the original reasoning was that by default, the only information disclosed would be that you own the ID: any further information disclosure would be under the user's control. So the idea was to have identity URLs that did not disclose information about the user.

The anonymity angle has turned out to be less useful that we originally thought it might, and has the downside that users have trouble recognising their own ID. Even for sites that don't show your identity URL to other people, they often display it on the profile page, and it is useful if that is recognisable.

That said, we still feel it is important that a user's identity URL be immutable (since changing the URL cuts you off from accounts on RPs you've previously logged in to) and never recycled (since that would let someone else assume your identity). The proposed scheme attempts to address these concerns.