Daniel Feygin <[EMAIL PROTECTED]> Fri, 9 Nov 2007 13:58:46 >Sounds fine in theory, but where is the assurance that mbox_sha1sum is >derived from a verified email address? Being public data, you can take >this value from any FOAF instance you need and pretend to be that >person to a third-party app within a controlled container. Is there >anything that would prevent impersonation like that?
Not much of anything really. However in real life you get layers of proof and trust built up. I trust John Doe on site A where they say they have Skype ID JD. On Site B somebody says they are John Doe and also says they have Skype ID JD. And so on. Then there's the point that most SNs require you to verify your email address and it's that which is then used to generate the hash. Do on that on three sites which then generate the same hash and there's a good chance that the person is the same. No it's not perfect. Is it good enough? Probably. -- Julian Bond E&MSN: julian_bond at voidstar.com M: +44 (0)77 5907 2173 Webmaster: http://www.ecademy.com/ T: +44 (0)192 0412 433 Personal WebLog: http://www.voidstar.com/ skype:julian.bond?chat *** Just Say No To DRM *** --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OpenSocial Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/opensocial-api?hl=en -~----------~----~----~----~------~----~------~--~---
