[uf-discuss] Authenticity of Authoritative hCard (was: Re: Vote on this: rel="me self" to indicate an authoritative hCard)

David Janes davidjanes at blogmatrix.com
Wed Jan 31 08:32:08 PST 2007


On 1/31/07, Scott Reynen <scott at randomchaos.com> wrote:
> On Jan 31, 2007, at 9:18 AM, David Janes wrote:
>
> > Open ID spells this out up front: authentication is not trust [1].
>
> Nonetheless, people are trying to build trust systems on top of Open ID:
>
> http://simonwillison.net/2007/Jan/22/whitelisting/
>
> This is another topic entirely, but it occurs to me that adding
> something like rel="trust" to the linked names in moderated comments
> would remove the need for a separate whitelist.
>
> Peace,
> Scott

(1)
Note that this just backs up the problem one step. I.e. we had

URI-A claims (via "rel me self") that URI-B is it's authoriative hCard

now we have (via a whitelist) additionally:

URI-C claims URI-A is who he says he is.

Whitelist additions to XFN may be an interested topic to explore!

(2)
It occurs to me that one form of hijacking can be prevented

URI-A: "ben-ward.co.uk": links to "ben-ward.co.uk/about"
URI-B: "ben-ward.co.uk/about". Ben's authorative hCard
URI-X: "BenWardSucks.com": links to "ben-ward.co.uk/about"

Now, if URI-B uses "url" to point back to URI-A, i.e. Ben's home page,
then we have validatation that URI-A is making a claim that URI-B is
agreeing with. On the other hand, URI-X is making an unsubstantiated
claim.

War,
David

-- 
David Janes
Founder, BlogMatrix
http://www.blogmatrix.com
http://blogmatrix.blogmatrix.com


More information about the microformats-discuss mailing list