On Nov 9, 11:08 am, Julian Bond <[EMAIL PROTECTED]> wrote:
> What the foaf people did was to use sha1(mailto:[EMAIL PROTECTED])
> and named it mbox_sha1sum. It's assumed that any one email address (used
> for identification) and hence its hash, maps to only one person. And
> the Hash obfuscates the email address just enough to get over email
> privacy issues. And further that someone's primary email address will
> turn up somewhere on their profile on every social network they belong
> to.
>
Sounds fine in theory, but where is the assurance that mbox_sha1sum is derived from a verified email address? Being public data, you can take this value from any FOAF instance you need and pretend to be that person to a third-party app within a controlled container. Is there anything that would prevent impersonation like that?

Daniel

>
> --
> Julian Bond E&MSN: julian_bond at voidstar.com M: +44 (0)77 5907 2173
> Webmaster: http://www.ecademy.com/ T: +44 (0)192 0412 433
> Personal WebLog: http://www.voidstar.com/ skype:julian.bond?chat
> *** Just Say No To DRM ***
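
The concern raised in this reply, shown as an added example that is not part of the original thread: a check that trusts a caller-supplied mbox_sha1sum next to one that only trusts hashes the container recomputes from addresses it verified itself. The session ids, sample addresses and the `VERIFIED_EMAILS` store are constructed assumptions; the hash follows the sha1(mailto:...) construction quoted above.

```python
import hashlib
import hmac


def mbox_sha1sum(email: str) -> str:
    """SHA-1 over the mailto: URI, as described in the quoted message."""
    return hashlib.sha1(f"mailto:{email}".encode("utf-8")).hexdigest()


# Constructed sample: a public FOAF profile that anyone can read.
PUBLIC_FOAF = {
    "name": "Alice Example",
    "mbox_sha1sum": mbox_sha1sum("alice@example.org"),
}

# Hypothetical container state (assumption): session id -> addresses the
# container confirmed itself, for example through a mailed confirmation link.
VERIFIED_EMAILS = {
    "session-alice": ["alice@example.org"],
    "session-other": ["someone.else@example.net"],
}


def naive_link(claimed_sum: str, known_sums: set) -> bool:
    """Weak check: any caller who presents a known public hash is accepted."""
    return claimed_sum in known_sums


def verified_link(session_id: str, target_sum: str) -> bool:
    """Stronger check: ignore what the caller presents and recompute the hash
    from addresses this container verified for the session."""
    for email in VERIFIED_EMAILS.get(session_id, []):
        if hmac.compare_digest(mbox_sha1sum(email), target_sum):
            return True
    return False


def demo() -> dict:
    """Compare both checks for a session that merely copied the public hash."""
    target = PUBLIC_FOAF["mbox_sha1sum"]
    return {
        "naive_accepts_copied_hash": naive_link(target, {target}),
        "verified_accepts_other_session": verified_link("session-other", target),
        "verified_accepts_owner_session": verified_link("session-alice", target),
    }
```

The hash works as a lookup key for matching profiles; the binding to a person comes only from the container's own verification step.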
