[cap-talk] Webkeys vs. the web
chip at fudco.com
Tue Mar 31 15:21:54 EDT 2009
"Karp, Alan H" <alan.karp at hp.com> wrote:
>>> But if this was a webkey system, it wouldn't *have* that link.
>>It *shouldn't* have that link.
>Your comment got me thinking. That link was probably on the page because the
>page was constructed dynamically based on context. If I had sent the URL for
>the page to you, the link wouldn't have been there because you wouldn't have
>been logged in to my account. In fact, if you were logged into your account,
>then maybe the link to your account would have appeared where I saw the link
>That observation may lead to the solution to Chip's problem. If what appears
>on a page can be tied to the path used to reach it, it should be safe to put
>on a page a link to any page that the user traversed on the path to that page.
That's true as long as the user has traversed through a chain of non-public
links to a page with an unguessable URL. However, the particular problem I was
posing had to do with the transition from a page whose URL could be expected to
More information about the cap-talk