[cap-talk] capabilities and re-authentication
dpranke at chromium.org
Fri Jun 10 20:56:30 PDT 2011
On Fri, Jun 10, 2011 at 6:51 PM, James A. Donald <jamesd at echeque.com> wrote:
> On 2011-06-11 10:44 AM, David Barbour wrote:
>> On Fri, Jun 10, 2011 at 3:06 PM, Dirk Pranke <dpranke at chromium.org> wrote:
>>> But, how do I address the second transition? Do we split the
>>> capabilities into "My Amazon" and "My Secure Amazon"? How
>>> does the user make that transition?
>> A powerbox could serve as a user-model. Typically, the whole powerbox would
>> be revoked once the user is finished, and sensitive authorities may have a
>> time-limit and use-limit before expiring.
> The power box issues several capabilities, one of which lives
> indefinitely, one of which lives for a reasonable time, and one of which
> lives for a quite short time.
Assuming I'm following you properly, that seems like the opposite of
what I want. I would want a powerbox to issue one of two capabilities
with two different authorities at two different points in time,
depending on whether I want the "browsing" or "buying" experience. I
don't want the powerbox to issue two capabilities granting the same
authorities in a single interaction.
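
An added illustration, not part of the original message or any participant's code: a powerbox that hands out a "browsing" capability and, at a later point and only after re-authentication, a separate "buying" capability with the time limit and use limit mentioned earlier in the thread. The names `makePowerbox`, `grantBrowse`, `grantBuy`, the `account` object, the `reauthenticate` callback and the injectable clock are all hypothetical.

```javascript
// Hypothetical sketch: capabilities are frozen objects closing over private state.
function makePowerbox(account, reauthenticate, now = Date.now) {
  let revoked = false;
  const live = () => {
    if (revoked) throw new Error('powerbox revoked');
  };

  return {
    // Issued when the session starts: read-only authority, no purchase method at all.
    grantBrowse() {
      live();
      return Object.freeze({
        listOrders() { live(); return account.orders.slice(); },
      });
    },

    // Issued at a later point in time, and only after re-authentication.
    // Carries a different authority (placing orders) with a time and use limit.
    grantBuy(credential, { ttlMs, maxUses }) {
      live();
      if (!reauthenticate(credential)) throw new Error('re-authentication failed');
      const expires = now() + ttlMs;
      let uses = 0;
      return Object.freeze({
        placeOrder(item) {
          live();
          if (now() >= expires) throw new Error('buy capability expired');
          if (uses >= maxUses) throw new Error('buy capability used up');
          uses += 1;
          account.orders.push(item);
          return account.orders.length; // number of orders on the account
        },
      });
    },

    // Revoking the powerbox kills every capability it ever issued.
    revoke() { revoked = true; },
  };
}
```

Holding the browse capability gives no path to `placeOrder`; the only way to obtain it is a fresh `grantBuy` call that passes re-authentication.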