[cap-talk] Please help us understand a protocol
Mark Miller
erights at gmail.com
Tue Sep 25 14:52:19 EDT 2007
<http://oauth.net/documentation/spec> presents the OAuth protocol,
whose purpose seems to be more flexible identity-based access control
for the web. At
<http://journals.aol.com/panzerjohn/abstractioneer/entries/2007/09/21/oauth-your-valet-key-for-the-web/1550>,
the main claim made for OAuth seems to be POLA. They use the metaphor of
the valet key, which is one we've used to explain how capabilities
differ from ACLs (<http://eros-os.org/essays/capintro.html>,
<http://combex.com/tech/edesk.html>). However, the OAuth spec is
complex and not explained in access control terms. I do notice some
things which might be capability-like, or perhaps
split-capability-like, but I can't tell. From an access control
perspective, what kind of thing is OAuth? How is valet-key-like
authority expressed and communicated in OAuth? Is it vulnerable to
confused deputy problems? How would it handle Ben's "Motivating
Example" <http://www.links.org/?p=246> or Alan's Zebra Copy scenario
<http://www.hpl.hp.com/techreports/2007/HPL-2007-105.pdf>?
Given the backers of OAuth, it would be valuable for us to understand
it in access control terms, and to explain how its properties relate
to IBAC, ABAC, and capability-based access control.
--
Text by me above is hereby placed in the public domain
Cheers,
--MarkM