[uf-discuss] Authenticity of Authoritative hCard (was: Re: Vote on this: rel="me self" to indicate an authoritative hCard)

David Janes davidjanes at blogmatrix.com
Wed Jan 31 07:18:03 PST 2007

On 1/31/07, Ben Ward <lists at ben-ward.co.uk> wrote:

> The authoritative version of the hCard is only going to be relative
> to the published hCard itself. The situation doesn't change. Someone
> could already write an inaccurate hCard for me on their website. They
> could write a more thorough version and link from one to the other
> with rel="me self".  This addition doesn't affect the authenticity.
> Authenticity falls out of scope of hCard alone. Layer in some OpenID
> and you can have start to imply some authenticity. (e.g. Parse an
> hCard at the OpenID url and follow rel="me self" to another domain.)
> If you mean, someone at 'BenWardSmellsAwful.com' (don't register
> that, please) writing an hCard and linking to ben-ward.co.uk/about
> with rel="self me", the relationship is such that the Fake Ben's
> hcard is discarded in favour of my real one. This does not allow
> someone to describe 'this hCard here is the authoritative version of
> that one over there'. The direction of parsing disallows fakes.

Open ID spells this out up front: authentication is not trust [1].
It's similar for us; you/your consumer has to decide whether it trusts
a URI (BenWardSmellsAwful.com) making a authorative-hcard claim about
a hCard (ben-ward.co.uk/about), which you'll also have to make your
own decision about!

The nice thing is all the information is there for you to examine in
the open. Beyond that, the trust issue is difficult, to say the least,
and probably not solvable by microformats ... or big companies, or big
government :-)

Regards, etc...

[1] http://openid.net/about.bml

David Janes
Founder, BlogMatrix

More information about the microformats-discuss mailing list