Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow site owners to mark some rel="me" links as being unsuitable for contacting them #175

Dan-Q opened this issue Jan 21, 2018 · 2 comments


Copy link

@Dan-Q Dan-Q commented Jan 21, 2018

I imagine that this might be best done via additional microformat metadata, something along the lines of:

<link rel="me non-authoritative" href="" />

Indieauth (and ideally other authentication) providers would not consider such links to be valid targets for identity verification, but other metadata parsers would still consider that the resulting URL represents "me" (the person).

The following use-cases illustrate why this is important:

  1. A user who delegates their third-party account to a less-trusted party (e.g. Twitter does not support delegated permissions, and so some people share their password with an underling who manages their social media: the Twitter account still represents them, but should not be trusted for authentication).
  2. A user who does not trust the level of protection provided by the authentication systems of a platform, but who still wishes to identify themselves with it. For example, a user might not personally consider GitHub's authentication strategy to be sufficiently strong to protect their identity for all purposes, but still maintain a GitHub account. In this case, they'd want to be able to use rel="me" links to identify that it was "their" GitHub account, but might not want it to be able to be used to authenticate as them.
Copy link

@aaronpk aaronpk commented Feb 27, 2018

This has been discussed a bit more on the IndieWeb wiki:

This is a question for the RelMeAuth spec, which implements. I like the idea, it's just a matter of figuring out the best rel value now.

Copy link

@aaronpk aaronpk commented Nov 19, 2018

A variation of this has been implemented on now! You can read about it here

I won't be adding any new features to as I am in the process of phasing it out.

@aaronpk aaronpk closed this Nov 19, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
None yet

No branches or pull requests

2 participants