Yahoo available AX attrs - backchannel/endpoint URLs

SitG Admin sysadmin at shadowsinthegarden.com
Fri Dec 11 05:14:08 UTC 2009


>I think I messed the double negative above: I meant everything except
>explicit APIs with support SLAs are liable to change.

As a cheaper (but less geek-friendly) solution, couldn't Relying
Parties have JS to read the "image" data *and* (before
loading/running it) instruct the user's browser to hash it, seeing
if it matched the "clean" value a RP had generated/stored/displayed
for it after confirming that it was safe? If not, the browser could
be instructed to (alternatively) display a generic "this user has a
new icon that has not yet been checked" profile image instead.

-Shade

