[W3C Web Security IG] capability URLs

Hi all,

W3C TAG is currently working on a new specification named Capability URL, and they are expecting feedbacks.
Here is why and what http://www.w3.org/blog/TAG/2014/05/22/capability-urls-feedback/
And the spec expecting your comments is here http://www.w3.org/TR/capability-urls/

Regards,
Virginie
Gemalto
Co-chair of Web Security IG


Note : Extract Capability URL Section 1 Introduction
[...]
There are two broad methods of controlling access to information that is published on the web:

 1.  the server can have access control measures that require people accessing the content to provide the correct token(s) (such as a password) before the content is accessible
 2.  the information can be published at an obscure or unguessable URL, and links to it only provided to people who have permission to access it
The URLs used in the second method are known as "capability URLs": an agent who possesses the URL is given the capability to access the information.
This document describes:

 *   cases where capability URLs are used on the web today
 *   advantages and disadvantages of using capability URLs to control access to content
 *   design considerations when creating websites that use capability URLs
 *   areas of technical development to support the use of capability URLs
[...]


________________________________
This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus