[cap-talk] sending anyone in the world a capability
John Carlson
john.carlson3 at sbcglobal.net
Wed Oct 17 22:15:48 EDT 2007
Should we provide an interface such that anyone in the world can be
sent capability,
and that capability has just enough description (or perhaps just
allows the receiver to
send messages back to the sender) such that the person will know if
it's a good idea
to invoke operations on the capability? I know YURLs and Email or
XMPP provide
good solutions. Perhaps I am looking for a service which can take a
partial YURL and it
will describe what the capability is before the user invokes it. Like
https://describeyurl.org/describeurl?yurl=https://coderextreme.net/
dbyurl#8abc3484883def
<plus another private piece of the yurl which isn't sent to
describeyurl.org>
People could gain confidence that describeyurl.org would provide
accurate explanations.
What I am thinking is that the YURL sent to describeyurl.org would
not be the entire capability,
and therefore, the capability wouldn't be leaked. There would be a
public and private
part to the YURL. The public part would be sent to describeyurl.org
and both the public
and private parts would be sent to coderextreme.net when the
capability is invoked.
Is anyone doing something like this? Is this OAuth in another form?
The user interface might be a link with a tool tip which is retrieved
from describeyurl.org
Is this a centralized petname service? I am also thinking that the
description could
contain method names for the user to choose from.
Probably I am just rehashing old ideas. Perhaps providing a safe web
browser would
be sufficient to fix these problems. I am thinking about using man-
in-the-middle
for the good of the planet.
John
More information about the cap-talk
mailing list