[e-lang] web services constraints and capabilities workshop
list at waterken.net
Fri Jul 16 11:38:51 EDT 2004
David Hopwood wrote:
> bry at xdocs.dk wrote:
>> not sure if everyone here has seen this:
> Doesn't sound as if they mean "capabilities" in the security sense, but we
> don't need to let that stop us.
>> might be nice to get some E or mozart papers there, especially as it
>> would give
>> me ammo for arguing with all the soap-heads around here. ;)
> A position paper about the Web Calculus would be a Good Thing (Tyler?) --
If I were to write a paper for this workshop, it would probably be about
how capability-based security can be used to implement authorization
without any changes to the application interaction patterns or data
formats. For example, today's WWW browsers are fully functional clients
of a web-calculus application.
Since the application interaction patterns don't change, there's no need
for a framework to describe the changes, or which changes are being used
by a particular service. The whole quagmire can be deftly avoided.
Unfortunately, I doubt the sponsors or participants of this workshop
would be receptive to this message. The host organization has gone to a
lot of effort to create security extensions and would probably not be
thrilled by the message that this work is more problem than solution.
The workshop is being held at a very convenient location for me, so I
could make an attempt of some kind. Any thoughts on what we might hope
to achieve and how best to accomplish it?
The web-calculus is the union of REST and capability-based security.
More information about the e-lang