On Fri, Apr 11, 2025, at 11:27, Phillip Hallam-Baker wrote:
ORCID is designed to meet a particular requirement - providing attribution so academics can advance in their careers.While that is a security requirement, it is a rather peculiar one in that impersonation is not quite the same concern that it would be for a system accrediting (say) doctors and lawyers. While it is possible that someone would have a pecuniary motive for submitting a journal article under the name of someone else, this is not common.Which is not to say we should ignore ORCID but it looks to me like infrastructure we should interface to rather than rely on.
That seems pretty similar to the requirement for RFCs to me. What attack vector are you seeing that I am not under which somebody could impersonate the author of an old RFC and have additional capabilities with the IETF than they would now, if an ORCID was compromised somehow.
Bron.
--
Bron Gondwana, CEO, Fastmail Pty Ltd
brong@xxxxxxxxxxxxxxxx
