[cap-talk] Capabilities vs. identity/acl - the rub, rub, rub

Jed at Webstart donnelley1 at webstart.com
Sun Nov 26 13:35:00 CST 2006


Thanks to David H and to Alan K for pointing these out.  I've been aware of
such but haven't really been fully cognizant of them in the capability
context.  Thanks for the clarification.  It gives me more hope for the future
and for a path to network capabilities.

At 05:25 AM 11/22/2006, David Hopwood wrote:
>Jed at Webstart wrote:
> > Have you ever actually received a capability in an email?
> > By "actually" I mean a permission to access something that
> > wasn't assumed to be accessible by the whole world?
>
>Yes. I've had more than one supplier send me URLs that included an
>unguessable string, to allow me to download information that was under
>NDA.
>
>(They were http URLs, and the email was not signed or encrypted, so this
>was insecure against interception and spoofing, but the lacklustre adoption
>of https and secure email is a separate issue to the one you're trying to
>discuss here, I think.)

At 08:27 AM 11/22/2006, Karp, Alan H wrote:
>Jed wrote:
> >
> > Have you ever actually received a capability in an email?
> > By "actually" I mean a permission to access something that
> > wasn't assumed to be accessible by the whole world?
> > Not a copy (e.g. the file in an email example), not a URL
> > open to the world, but shared and limited access or an object?
> >
>It's happening more and more.  Book a car at Hertz.com.  You'll get an
>email with a URL containing your "unguessable" confirmation number.
>Click on that link, and you can change that reservation.  The recent
>SIAM election was done via email.  Members received emails with
>unguessable URLs that took them directly to their ballots.  My mail
>order prescription plan takes the "unguessable" presecription number as
>the authority to order a refill.  Each of these is an example of a
>"permission token that can be communicated".

--Jed http://www.webstart.com/jed/ 




More information about the cap-talk mailing list