On 16 September 2013 21:06, Brian E Carpenter
<brian(_dot_)e(_dot_)carpenter(_at_)gmail(_dot_)com> wrote:
How do I know that the sender of this message actually has the right
to claim the ORCID in question (0000-0001-5882-6823)? The web page
doesn't present anything (such as a public key) that could be used
for authentication.
It is not the purpose of ORCID to provide authentication.
That said, in my case my ORCID is shown on my website, and my ORCID
profile links to my website, so there is round trip verification.It is
proposed to add "rel-me" [1] attributes to ORCID, to encode that
authentication in a machine-readable manner, when the linked website
(such as mine) also uses that attribute.
[1] http://microformats.org/wiki/rel-me
--
Andy Mabbett
@pigsonthewing
http://pigsonthewing.org.uk