[uf-discuss] Authenticity of Authoritative hCard (was: Re: Vote
on this: rel="me self" to indicate an authoritative hCard)
David Janes
davidjanes at blogmatrix.com
Wed Jan 31 08:32:08 PST 2007
On 1/31/07, Scott Reynen <scott at randomchaos.com> wrote:
> On Jan 31, 2007, at 9:18 AM, David Janes wrote:
>
> > Open ID spells this out up front: authentication is not trust [1].
>
> Nonetheless, people are trying to build trust systems on top of Open ID:
>
> http://simonwillison.net/2007/Jan/22/whitelisting/
>
> This is another topic entirely, but it occurs to me that adding
> something like rel="trust" to the linked names in moderated comments
> would remove the need for a separate whitelist.
>
> Peace,
> Scott
(1)
Note that this just backs up the problem one step. I.e. we had
URI-A claims (via "rel me self") that URI-B is it's authoriative hCard
now we have (via a whitelist) additionally:
URI-C claims URI-A is who he says he is.
Whitelist additions to XFN may be an interested topic to explore!
(2)
It occurs to me that one form of hijacking can be prevented
URI-A: "ben-ward.co.uk": links to "ben-ward.co.uk/about"
URI-B: "ben-ward.co.uk/about". Ben's authorative hCard
URI-X: "BenWardSucks.com": links to "ben-ward.co.uk/about"
Now, if URI-B uses "url" to point back to URI-A, i.e. Ben's home page,
then we have validatation that URI-A is making a claim that URI-B is
agreeing with. On the other hand, URI-X is making an unsubstantiated
claim.
War,
David
--
David Janes
Founder, BlogMatrix
http://www.blogmatrix.com
http://blogmatrix.blogmatrix.com
More information about the microformats-discuss
mailing list