[cap-talk] Confused Deputy (definitions)

Charles Landau clandau at macslab.com
Thu Oct 26 22:26:46 CDT 2006


At 4:54 PM -0700 10/25/06, Jed at Webstart wrote:
>I'm not sure the best way out of this situation.  Updates to
>the Wikipedia definitions await...

Can we agree that the passwd example currently at 
http://en.wikipedia.org/wiki/Confused_Deputy is an example of Ping's 
pattern #3, not #2, and is really not appropriate?

>In the mean time should we
>(I since I guess I'm the culprit) remove the linking between the
>Confused Deputy and the Cross-site request forgery definitions?
>I'm in favor of that approach.

Me too. I was definitely confused trying to figure out the connection, if any.

>I think perhaps the original "Confused Deputy" example in its pure
>form is obscure enough and specific enough to an architecture that
>no longer exists that it may not be appropriate to link it to more
>current issues.  Do others feel that it has current relevance?

I do.

>I certainly
>don't want to seem to be tying the importance of the capability
>approach to authorization to such an obscure problem that's not
>significantly at issue in modern systems.

I would like to replace the passwd example with an example that 
follows Ping's pattern #2, but phrased in Unix terms which will be 
more relevant and updated than Norm's example. Can someone who is 
more familiar with Unix than I am suggest such an example?


More information about the cap-talk mailing list