Orkut on Facebook....start of social meta networking ?


I had been toying with the idea of getting orkut to the facebook platform to quite some time now. Well, I just got an invite to a similar application today. In the words of the author,
This application brings you your very own Orkut profile to your Facebook account! You dont have to provide any login or password. All you specify is your Orkut Profile URL!
This definitely is an improvement over sites that require the google credentials. Though the UI of the application is not great, that is an easier problem to fix.
Adding this application to the Facebook lets a write scraps to other on orkut, the only point being that the scrap seems to have sent from an automated Orkut user. The last sentence however states that the identity of the one who has sent a scrap is not verified. This last sentence opens up the a host of possibilities to spam and phished scraps.
Strangely enough, it could be a simple, two step process confirm that a user really hold a particular profile.
  1. The automated orkut user sends a friend request to the the profile that the user claims
  2. After the user logs into the the claimed profile (which is possible only if he owns it)
  3. The user then requests for a 'validation random number' that the automated orkut user sends as a message
  4. The user is then requried to look up the message, and type in the code in the facebook application.
Though steps 1 and 2 seem sufficient, the 'validation random number' is more to stop replay attacks. Though this verifies a user, the user who receives this scrap need not necessarily trust the application. Hence we need another way where the users trust each other, without any dependency of trust on the application.
Now, that problem is more like the one that is solved by digital certificates, only that the Certificate authority in this case should be a lot simpler.
Working on this....would update when I can come up with a solution.