[cap-talk] Webkeys vs. the web

[Bill Frantz]

naasking at higherlogics.com (Sandro Magi) on Saturday, April 11, 2009 wrote:

>I'll take my turn at it: I think we need to distinguish public objects
>from authority bearing objects differently in the URL, and provide a
>Monash-style transformation such that the authority bearing portion of
>the URL is user-specific; thus, even if a URL is shared, the authority
>bearing portions of the URL are not useful or meaningful to any recipients.
>
>For instance, using Chip's example of a public mailing list page:
>
>http://host.com/lists/public-list-1
>
>As a logged in user, my URL would consist of something like:
>
>http://host.com/lists/public-list-1?key=akd834jm9d7h2js58jkf0c7j2
>
>Unlike in Waterken, the above URL is not a capability, but an encrypted
>(nonce, object id) pair. The nonce is a user-specific swiss number used
>to encode the underlying object id, ie. URL object id = encode(nonce,
>object capability).
>
>The encrypted nonce is also stored in an authenticated user's cookies.
>The cookie nonce and URL nonce must match for the object id to be valid.
>Another user visiting my logged in URL will not have a matching nonce,
>and so get only the public portion of the page with a login link instead
>of an account link (the account being the object id). Logging in
>extracts the user nonce from storage.

This proposal has some of the same properties as using SPKI certificates as
capabilities. In the SPKI case, unless you have the private key, the
certificate is worthless. Delegation is performed by an already authorized
key specifically creating a new certificate in the chain. In both cases,
having the bits of the "capability" does not give you the authority.

Cheers - Bill

-------------------------------------------------------------------------
Bill Frantz        | Airline peanut bag: "Produced  | Periwinkle
(408)356-8506      | in a facility that processes   | 16345 Englewood Ave
www.pwpconsult.com | peanuts and other nuts." - Duh | Los Gatos, CA 95032