[cap-talk] Ben Laurie's Motivating Example

Toby Murray toby.murray at comlab.ox.ac.uk
Wed Aug 15 06:50:02 EDT 2007 

Ben Laurie has recently posted an interesting "motivating
example" (although motivating what we're yet to find out) on his blog.
It's an interesting "challenge problem" for security and access control
in particular.
http://feeds.feedburner.com/~r/links/ZvUZ/~3/144078467/

>From the post:

> Let us imagine two services. The first we’ll call Facebook. Facebook
> is yet another of those obnoxious social networking services. The
> second we’ll call Flickr. Flickr lets me upload pictures and also acts
> as yet another, perhaps slightly less obnoxious, social network.
> 
> Flickr, being a kind, generous and forward-thinking sort of service,
> is happy to allow other services to build on top of it. It will let
> them link accounts for their users to Flickr accounts and show their
> users Flickr photos from those accounts. Flickr also allows me to
> choose who can see my photos. I can let just anyone see them, I can
> restrict access to my friends or I can make my pictures entirely
> private, so that only I can see them.
> 
> Facebook doesn’t let me upload pictures. But they’re smart - they’ve
> offloaded that bit of tedium to Flickr. You can tell Facebook what
> your Flickr account is, and then Facebook will display your Flickr
> pictures as if they were Facebook’s very own. Whether this is cheap,
> cunning or just good for the user I leave open to debate, but this is
> how these services work.
> 
> The interesting question arises when a friend wants to see my Flickr
> pictures on my Facebook pages (again, whether this is a good or bad
> idea I leave aside, but let’s just agree that people want to do this).
> 
> Now we have an interesting quandary. In fact, two interesting
> quandaries. Or maybe even three. The first arises if my friend is a
> Flickr friend. That is, I have told Flickr that his Flickr account is
> allowed to see my “friends only” pictures. The second if my friend is
> a Facebook friend. That is, I have told Facebook that his Facebook
> account is allowed to see my “friends only” pictures. The third arises
> when I trust Flickr more than Facebook, but this one I will have to
> explain later.

It's one of those examples that appears to scream "capabilities"
straight away; who's current reliance on IBAC is the source of the
challenge problem, not its solution. 

However, trying to come up with a way in which a solution could be
implemented is nonetheless not immediately obvious. For anyone who's
interested, it'd be great to get some discussion going on this one.

Cheers

Toby

More information about the cap-talk mailing list