[cap-talk] YURLs. What is the model of development?

David Wagner daw at cs.berkeley.edu
Fri Nov 25 16:43:46 EST 2005


David Chizmadia writes:
>From: "Sandro Magi" <smagi at naasking.homeip.net>
>> Is it possible to interject some sort of authentication step before a 
>> capability request is satisfied? In explaining the web-calculus to 
>> others, they've often expressed dismay that the unguessable URL is the 
>> only authentication required to access a resource. Their main concern is 
>> that a user might inadvertently leak a URL to a third party who 
>> shouldn't have access to the resource.
>
>    Of course, the underlying problem is a complete failure on 
>the part of those looking for the extra authentication to 
>understand the concept of capability discipline, but if this 
>provides comfort, it is worth it.

I don't understand your comment.  This is not about comfort and warm
fuzzies.  This is about what seems to me to be a valid real-world concern.
Framing this as about "comfort" leaves the impression that you consider
this to be not a real problem and the questioner not thoughtful enough
to understand why.  If the goal is to see capabilities more widely used,
this kind of response seems, quite frankly, more likely to put people off
than to win converts.  I'd think that patient education and explanation of
your preferred solution is going to be a lot more effective than telling
people they don't understand capability discipline.  Perhaps you could
explain what is a better solution to this problem that is more in keeping
with capability discipline.  I like to think that anyone who is reading
this list is likely to be interested enough to listen to your preferred
solution, and thoughtful enough to have the capacity to understand.


More information about the cap-talk mailing list