Absolutely.
Say that you have a gadget "i have a crush on", and someone fakes
being you (since the token is plain text thats easy, just replace a
number), and lists you as having a crush on your boss .....
embarrassing!
And that's just from a 'silly game' point of view, imagine you had a
business app that you used to schedule meetings, someone faking your
ID could spam "buy <member enlarging medicine> at this site!" to all
your business contacts... thats beyond embarrassing, that's a business
risk!
Absolutely worst case, you have some gadget that is linked to some
financial source like a credit card, the potential damages there are
huge.
So yes ... verifiable identity and making this identity tamper proof
is serious business and absolutely required in any real life situations.
-- Chris
On May 22, 2008, at 5:24 PM, Gary Helmling wrote:
is there any reason that most implementations would
need that here?
