[cap-talk] URL fragment identifiers for capability tokens
Ka-Ping Yee
cap-talk at zesty.ca
Tue Feb 6 20:33:00 CST 2007
Ben Adida proposes putting the secret part of a capability URL
in the fragment identifier rather than the path or query, so that
JavaScript can process the token locally but the token is never
sent over the wire.
http://benlog.com/articles/2007/02/06/beamauth-two-factor-web-authentication-with-a-bookmark/
http://ben.adida.net/research/fragtoken-20070203.pdf
-- ?!ng
More information about the cap-talk
mailing list