[cap-talk] A paper on web-keys
Tyler Close
tyler.close at gmail.com
Fri Jan 18 12:07:11 EST 2008
On Jan 18, 2008 1:19 AM, James A. Donald <jamesd at echeque.com> wrote:
> Tyler Close wrote:
> > One of the WWW 2008 reviewers of this paper wrote:
> >
> > "Capabilities are *always* easier to implement, and
> > the tradeoff is *always* about giving up control."
> >
> > What is the canonical paper to critique in order to
> > rebut the "giving up control" argument? Which paper
> > had so much influence that people like the reviewer
> > believe this fiction to the point of using star
> > quotes?
>
> In an actually useful implementation, one that takes
> advantage of the ways in which capabilities differ from
> ACLs, rather than trying to implement ACLs in
> capabilities, capabilities *will* result in
> administrators losing control - and end users gaining
> control.

Is there an actual loss of control, or just the appearance of a loss
of control? If actual, could you try to state precisely what control
administrators currently have and risk losing, and how that control is
protected by current use of ACLs on the Web? If you could also
determine how you came to have the above opinion, that would also be
useful.

Thanks,
--Tyler
--
Use web-keys for RESTful access-control:
http://waterken.sourceforge.net/
Name your trusted sites to distinguish them from phishing sites.
https://addons.mozilla.org/firefox/957/