can we come up with a unified json object to store these data:
"ident" : {
"anonymous" : false,
"fullname" : "",
"proof" : "", # social media url / url to (img) proof
"message" : {
"text" : "",
"signature" : "",
}
}
This is great!
I'm concerned about not signing the proof field. If a delegate was compromised, someone could swap in a forged proof and the signed message would appear to support it.
So I think we need the message to contain the
proof url, and maybe even the
fullname too.
edit:
Actually, I'm thinking every field should be signed. To prevent partial identity hijack,
we need to ensure any change to an "identity" field forces you to re-sign the whole thing.
.. and of course, if people don't want to sign, they don't have to.
But it would be great to have this procedure in place and documented.