On 16 September 2013 21:06, Brian E Carpenter <brian.e.carpenter@xxxxxxxxx> wrote: > How do I know that the sender of this message actually has the right > to claim the ORCID in question (0000-0001-5882-6823)? The web page > doesn't present anything (such as a public key) that could be used > for authentication. It is not the purpose of ORCID to provide authentication. That said, in my case my ORCID is shown on my website, and my ORCID profile links to my website, so there is round trip verification.It is proposed to add "rel-me" [1] attributes to ORCID, to encode that authentication in a machine-readable manner, when the linked website (such as mine) also uses that attribute. [1] http://microformats.org/wiki/rel-me -- Andy Mabbett @pigsonthewing http://pigsonthewing.org.uk