A start towards Net::OpenID::UserProfile

Brad Fitzpatrick brad at danga.com
Wed May 25 23:30:46 PDT 2005

On Wed, 25 May 2005, Brent 'Dax' Royal-Gordon wrote:

> [I really need to remember to hit "Reply to all"...]
> Brad Fitzpatrick <brad at danga.com> wrote:
> > But we also need a way to tell it that only URLs under the root one can be
> > trusted when making the profile.
> I'm not sure I understand this constraint.  If I (say) put a <link>
> tag on brentdax.com pointing to my LiveJournal FOAF file, and then
> authenticate through brentdax.com, are you saying that the LiveJournal
> FOAF shouldn't be used?  Why not?  I, as the owner of that URL, have
> specified that URL as containing the relevant FOAF data; limiting this
> data's use just seems kind of silly to me.

Yeah, you're probably right.

If somebody wanted to be a dick and impersonate somebody else they could
just host their own foaf file which is a clone of it.

I seem to recall it mattering at one point, but I think that was "way
back" when we were doing this based on foaf.

- Brad

More information about the yadis mailing list