How do I know that the sender of this message actually has the right
to claim the ORCID in question (0000-0001-5882-6823)? The web page
doesn't present anything (such as a public key) that could be used
for authentication.
I dunno. How do we know who brian(_dot_)e(_dot_)carpenter(_at_)gmail(_dot_)com
is? I can
tell you from experience that a lot of people think they are
john(_dot_)levine(_at_)gmail(_dot_)com, and all but one of them are mistaken.
R's,
John
PS: Now that I think about it, you can already put in a personal URL
in rfc2xml, so if someone wants to use an ORCID URL, they can do so
right now.