Yahoo available AX attrs - backchannel/endpoint URLs
SitG Admin
sysadmin at shadowsinthegarden.com
Fri Dec 11 05:14:08 UTC 2009
>I think I messed the double negative above: I meant everything except
>explicit APIs with support SLAs are liable to change.
As a cheaper (but less geek-friendly) solution, couldn't Relying
Parties have JS to read the "image" data *and* (before
loading/running it) instructing the user's browser to hash it, seeing
if it matched the "clean" value a RP had generated/stored/displayed
for it after confirming that it was safe? If not, the browser could
be instructed to (alternatively) display a generic "this user has a
new icon that has not yet been checked" profile image instead.
-Shade
More information about the specs
mailing list