A start towards Net::OpenID::UserProfile
Brad Fitzpatrick
brad at danga.com
Wed May 25 23:30:46 PDT 2005
On Wed, 25 May 2005, Brent 'Dax' Royal-Gordon wrote:
> [I really need to remember to hit "Reply to all"...]
>
> Brad Fitzpatrick <brad at danga.com> wrote:
> > But we also need a way to tell it that only URLs under the root one can be
> > trusted when making the profile.
>
> I'm not sure I understand this constraint. If I (say) put a <link>
> tag on brentdax.com pointing to my LiveJournal FOAF file, and then
> authenticate through brentdax.com, are you saying that the LiveJournal
> FOAF shouldn't be used? Why not? I, as the owner of that URL, have
> specified that URL as containing the relevant FOAF data; limiting this
> data's use just seems kind of silly to me.
Yeah, you're probably right.
If somebody wanted to be a dick and impersonate somebody else they could
just host their own foaf file which is a clone of it.
I seem to recall it mattering at one point, but I think that was "way
back" when we were doing this based on foaf.
- Brad
More information about the yadis
mailing list