[uf-discuss] Authenticity of Authoritative hCard (was: Re: Vote
on this: rel="me self" to indicate an authoritative hCard)
davidjanes at blogmatrix.com
Wed Jan 31 08:32:08 PST 2007
On 1/31/07, Scott Reynen <scott at randomchaos.com> wrote:
> On Jan 31, 2007, at 9:18 AM, David Janes wrote:
> > Open ID spells this out up front: authentication is not trust .
> Nonetheless, people are trying to build trust systems on top of Open ID:
> This is another topic entirely, but it occurs to me that adding
> something like rel="trust" to the linked names in moderated comments
> would remove the need for a separate whitelist.
Note that this just backs up the problem one step. I.e. we had
URI-A claims (via "rel me self") that URI-B is it's authoriative hCard
now we have (via a whitelist) additionally:
URI-C claims URI-A is who he says he is.
Whitelist additions to XFN may be an interested topic to explore!
It occurs to me that one form of hijacking can be prevented
URI-A: "ben-ward.co.uk": links to "ben-ward.co.uk/about"
URI-B: "ben-ward.co.uk/about". Ben's authorative hCard
URI-X: "BenWardSucks.com": links to "ben-ward.co.uk/about"
Now, if URI-B uses "url" to point back to URI-A, i.e. Ben's home page,
then we have validatation that URI-A is making a claim that URI-B is
agreeing with. On the other hand, URI-X is making an unsubstantiated
More information about the microformats-discuss