[cap-talk] A paper on web-keys
Tyler Close
tyler.close at gmail.com
Fri Jan 18 12:23:06 EST 2008
On Jan 18, 2008 9:10 AM, Mark Miller <erights at gmail.com> wrote:
> On Jan 18, 2008 9:07 AM, Tyler Close <tyler.close at gmail.com> wrote:
> > Is there an actual loss of control, or just the appearance of a loss
> > of control?
>
> I would put it slightly differently:
>
> In moving from ACLs to ocaps, administrators will suffer the loss of
> the appearance of control.
That leaves the impression that administrators can have little
control, which isn't true, since web-keys enable the acquisition of
the most important control, the ability to securely assign
accountability. The only thing to be lost is the illusion that the
administrator can somehow know whose finger was on the mouse that
issued a request, and the perception that this is useful information.
--Tyler
--
Use web-keys for RESTful access-control:
http://waterken.sourceforge.net/
Name your trusted sites to distinguish them from phishing sites.
https://addons.mozilla.org/firefox/957/
More information about the cap-talk
mailing list