[cap-talk] OAuth vs. CapDoc contrast
Karp, Alan H
alan.karp at hp.com
Sun Sep 30 20:34:38 EDT 2007
Jed wrote:
>
> In response to my questions Blaine Cook said:
>
> "OAuth is intended to replace Basic authentication"
>
And that's the fundamental flaw, it's IBAC, not ABAC. That explains the
(potential) excess authority described in Appendix B.9, the inability to
delegate further, and the fact that it's use model is restricted. It
may also contribute to the complexity of the protocol.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp
More information about the cap-talk
mailing list