I still think the person route is the way to go. One way to prevent the scenario (malicous updating of name) that you mention, is to require that someone who is using the same email to make a second comment to become a registered user.
A less intrusive option is to require authentication (i.e. migration from personhood to userhood) when a person tries to update their name. In both cases I mention, the migration from person to user should require an email authentication.
Ultimately, I think we need more facilities for managing the different flavors of parties in the toolkit. On the project I'm working on we have an author relation on party_id (along with other similar relations) and we are going to be using users, persons, and organizations as authors, etc. The trick is how to manage when someone who might be an author joins the site as a user after someone with the same name has already been established as a person in the database by content managers, etc. Who verifies that this "John Smith" is the same "John Smith" who wrote a book on bike lanes being added to streets that is listed in the content repository? There are number of possibilies. Any thoughts? Perhaps I should post to a new thread.
