On Thu, Oct 1, 2009 at 11:11 AM, Tad Glines <[email protected]> wrote: > Another question: including the "contributor" element in the blib > would seem to allow simple forgery (which allows for phishing). Any > wave client should instead display as contributor the id of all > participants for which there is a delta modifying that blip.
In the spec it states: "Individual contributors are responsible for adding themselves to this list. This allows for "trivial" contributors such as annotators to voluntarily omit themselves. Absolute contributor information may be recovered from the operation history if required." Despite the extra processing required, I still think a secure client should present history validated contributor information. An annotator should not be able to hide from a user who wishes to know about ALL contributors. Especially in a case where an annotation alters the meaning of a blip through style changes (e.g. changing the font size and color of text to cause content to not be user visible). -Tad --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Wave Protocol" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/wave-protocol?hl=en -~----------~----~----~----~------~----~------~--~---
