>How do I know that the sender of this message actually has the right >to claim the ORCID in question (0000-0001-5882-6823)? The web page >doesn't present anything (such as a public key) that could be used >for authentication. I dunno. How do we know who brian.e.carpenter@xxxxxxxxx is? I can tell you from experience that a lot of people think they are john.levine@xxxxxxxxx, and all but one of them are mistaken. R's, John PS: Now that I think about it, you can already put in a personal URL in rfc2xml, so if someone wants to use an ORCID URL, they can do so right now.