You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Indieauth (and ideally other authentication) providers would not consider such links to be valid targets for identity verification, but other metadata parsers would still consider that the resulting URL represents "me" (the person).
The following use-cases illustrate why this is important:
A user who delegates their third-party account to a less-trusted party (e.g. Twitter does not support delegated permissions, and so some people share their password with an underling who manages their social media: the Twitter account still represents them, but should not be trusted for authentication).
A user who does not trust the level of protection provided by the authentication systems of a platform, but who still wishes to identify themselves with it. For example, a user might not personally consider GitHub's authentication strategy to be sufficiently strong to protect their identity for all purposes, but still maintain a GitHub account. In this case, they'd want to be able to use rel="me" links to identify that it was "their" GitHub account, but might not want it to be able to be used to authenticate as them.
The text was updated successfully, but these errors were encountered:
I imagine that this might be best done via additional microformat metadata, something along the lines of:
<link rel="me non-authoritative" href="https://twitter.com/example" />
Indieauth (and ideally other authentication) providers would not consider such links to be valid targets for identity verification, but other metadata parsers would still consider that the resulting URL represents "me" (the person).
The following use-cases illustrate why this is important:
The text was updated successfully, but these errors were encountered: