[cap-talk] Webkeys vs. the web

ihab.awad at gmail.com
Wed Apr 1 16:57:19 EDT 2009


On Wed, Apr 1, 2009 at 1:48 PM, Karp, Alan H <alan.karp at hp.com> wrote:

> Users have gotten used to using URLs in a way that is incompatible with the
> security properties of webkeys.  For example, they are likely to share the
> URL for a webpage, e.g., Account Summary, without considering the security
> implications, e.g., whether or not there's a link on that page for Trade
> Shares.
>

It's worse than that. To the extent that they understand the model, they
have come to expect that they can share *their* Account Summary URL with me,
and that I will see *my* account information displayed (assuming, say, we
share the same bank).

Ihab


-- 
Ihab A.B. Awad, Palo Alto, CA