[uf-discuss] Authenticity of Authoritative hCard (was: Re: Vote
on this: rel="me self" to indicate an authoritative hCard)
davidjanes at blogmatrix.com
Wed Jan 31 08:07:00 PST 2007
On 1/31/07, Ara Pehlivanian <ara.pehlivanian at gmail.com> wrote:
> Yes, but what if someone registers ben-ward.net and puts up a fake
> card on that site. Then he goes and publishes a partial hCard on
> myspace and points to ben-ward.net/about with rel="self me". He's
> effectively hijacked your identity and/or caused confusion and there's
> no real way to verify who's who or who's telling the truth. It may not
> be such a big deal now, but if microformats are to grow and begin to
> be integrated into who knows what apps in the future, there may be a
> need to authenticate the validity of the authoritative hCard.
> Now I understand that it's not up to the microformat to actually do
> any authentication. But I think it makes a lot of sense to build a
> mechanism into it that allows you to include a piece of verifiable
> data (such as a hash or some other token) that could then be checked
> against an authentication service or a file in the root of your own
> domain (à-la Google Analytics).
How if there's another Ben Ward? Sorry, lot's of people have thought
about this problem in lots of different realms (as I mentioned,
OpenID) and it's intractable.
More information about the microformats-discuss