On 1/31/07, Scott Reynen <[EMAIL PROTECTED]> wrote:
On Jan 31, 2007, at 9:18 AM, David Janes wrote:
> Open ID spells this out up front: authentication is not trust [1].
Nonetheless, people are trying to build trust systems on top of Open ID:
http://simonwillison.net/2007/Jan/22/whitelisting/
This is another topic entirely, but it occurs to me that adding
something like rel="trust" to the linked names in moderated comments
would remove the need for a separate whitelist.
Peace,
Scott
(1)
Note that this just backs up the problem one step. I.e. we had
URI-A claims (via "rel me self") that URI-B is it's authoriative hCard
now we have (via a whitelist) additionally:
URI-C claims URI-A is who he says he is.
Whitelist additions to XFN may be an interested topic to explore!
(2)
It occurs to me that one form of hijacking can be prevented
URI-A: "ben-ward.co.uk": links to "ben-ward.co.uk/about"
URI-B: "ben-ward.co.uk/about". Ben's authorative hCard
URI-X: "BenWardSucks.com": links to "ben-ward.co.uk/about"
Now, if URI-B uses "url" to point back to URI-A, i.e. Ben's home page,
then we have validatation that URI-A is making a claim that URI-B is
agreeing with. On the other hand, URI-X is making an unsubstantiated
claim.
War,
David
--
David Janes
Founder, BlogMatrix
http://www.blogmatrix.com
http://blogmatrix.blogmatrix.com
_______________________________________________
microformats-discuss mailing list
microformats-discuss@microformats.org
http://microformats.org/mailman/listinfo/microformats-discuss
