Re: one-way sameAs and friendOf links

On 19 July 2012 13:54, Michiel de Jong <michiel@unhosted.org> wrote:

> Hi Melvin,
>
> On Thu, Jul 19, 2012 at 1:05 PM, Melvin Carvalho
> <melvincarvalho@gmail.com> wrote:
> > +1 sameAs is going to have to become a fact of life, especially for
> anyone
> > that chooses to use webfinger ... you should read it as :  entity A is
> the
> > same as entity B
>
> I think you may want to rethink that one. You shouldn't just believe
> anything you read. I mean, people obviously sometimes say things that
> aren't true. You would get into situations like this one:
>
> http://www.imdb.com/title/tt0079470/quotes?qt=qt0471978
>
> Therefore, a sameAs claim, or any claim for that matter, should only
> be trusted in the /outgoing/ direction, never in the reverse
> direction, unless cryptographically signed by the other party.
>
> It seems quite fundamental to me. In fact, if your bank would follow
> your advise, then i could easily go there, tell them "#me sameAs
> Melvin Carvalho", and they would hand me all your money, telling you
> "ah, but we just learned from Michiel that entity Michiel is the same
> as entity Melvin." :)
>

Yes, this is called provenance.  Does not change the semantics of the
initial statement.


>
> Cheers,
> Michiel
>
>

Received on Thursday, 19 July 2012 12:07:04 UTC