Jeremy Smith's blog

Entry Is Labelled

hCard + OpenID

Two posts, hCard for OpenID Simple Registration and Attribute Exchange and Replacing OpenID SREG with hCard part 1: Modest proposals, concerning extending OpenID with an attribute exchange mechanism (which is hard), namely hCard. The one huge whole I see in it is that I don't want just anybody being able to scrape information like my birthday, for example. How does one go about making this a secure transaction?

Comments

  1. gravatar

    Actually, Will Norris has written this up:

    http://willnorris.com/2007/11/hcard-is-not-a-provisioning-engine-for-private-data

    Our biggest concern is not reinventing a profile data format. Attribute Exchange could still certainly be the bearer of the data or the mechanism of exchange; it's simply about not using new attributes when a perfectly good set of attributes already exists:

    http://microformats.org/wiki/attribute-exchange

Post a comment