A. Pagaltzis wrote:
> But it breaks down for the aggregate feeds published by third parties.
> If look at more convoluted examples, it fast turns into web of
> trust territory...
You are correct -- with one caveat. If entries are signed, which
Atom supports, you have a mechanism that allows you to trust statements that
copies of entries make about their source feeds. This is precisely why we at
PubSub so strongly supported the introduction of digital signatures into
Atom and why we consider this to be one of the really significant advantages
of Atom over existing RSS definitions. (Yes, I realize that no one signs
entries. But, that is a problem to be dealt with later...)
If an entry is not signed, or if you don't have the means to
validate the signature, then you are stuck simply trusting the third parties
from whom you receive copies of entries. Yes, we've entered into "web of
trust territory." This explains why I have in the past argued that synthetic
or aggregate feeds should be explicitly tagged as such or that we should
*require* that source data be inserted into all copies of entries. (I really
do not like the "May" and "Should" words concerning atom:source in the
current draft.)
For a service like PubSub's, what we'll probably do is consider any
entry copies that we discover to be somewhat equivalent to "pings." i.e. if
we see something with a "foreign" source, we'll probably want to check that
source to validate the copied entry before we republish it. (Note: I'm not
sure what we'll do if the entry has been purged from the source-feed...
Perhaps, we could flag it as "questionable"???) I don't however, expect
personal aggregators to do this and I expect that those who take feeds from
us will learn that they can trust us to properly validate things. Thus, they
won't need to be as rigorous as we must be.
In the absence of signatures, you have no choice but to trust your
intermediaries. There is no design that can change that. We're going to be
working hard to make sure you can trust PubSub.
bob wyman
