[cap-talk] [Caja] w3c tag discuss ocaps, webkeys, ADsafe and Caja
James A. Donald
jamesd at echeque.com
Thu Jan 8 02:44:26 EST 2009
Tyler Close wrote:
> http://www.w3.org/TR/webarch/#id-access
>
> The access-control section is at odds with the core architectural
> principles set forth in the web-arch document. These contradictions
> are the main topic of my web-key paper:
>
> http://waterken.sourceforge.net/web-key/
In order to do web key right, you need the hash of the rule for
recognizing a correct public key in the url, and/or the shared secret in
the url - in which case you need the browser to distinguish these
things, the public key hash so that it can check it, the shared secret
so that it does not include in the referrer header - in which case you
need a format that is not really compatible with existing url format,
thus not really compatible with existing http.
More information about the cap-talk
mailing list