[uf-discuss] Authenticity of Authoritative hCard (was: Re: Vote on this: rel="me self" to indicate an authoritative hCard)

[Ara Pehlivanian]

> If you mean, someone at 'BenWardSmellsAwful.com' (don't register
> that, please) writing an hCard and linking to ben-ward.co.uk/about
> with rel="self me", the relationship is such that the Fake Ben's
> hcard is discarded in favour of my real one. This does not allow
> someone to describe 'this hCard here is the authoritative version of
> that one over there'. The direction of parsing disallows fakes.

Yes, but what if someone registers ben-ward.net and puts up a fake
card on that site. Then he goes and publishes a partial hCard on
myspace and points to ben-ward.net/about with rel="self me". He's
effectively hijacked your identity and/or caused confusion and there's
no real way to verify who's who or who's telling the truth. It may not
be such a big deal now, but if microformats are to grow and begin to
be integrated into who knows what apps in the future, there may be a
need to authenticate the validity of the authoritative hCard.

Now I understand that it's not up to the microformat to actually do
any authentication. But I think it makes a lot of sense to build a
mechanism into it that allows you to include a piece of verifiable
data (such as a hash or some other token) that could then be checked
against an authentication service or a file in the root of your own
domain (à-la Google Analytics).

I don't have any immediate ideas on how best to semantically do this,
but the concern popped into my head rather early on and I felt that
maybe now would be the time to bring it up.

Cheers,
A.