- From: Adam Barth <w3c@adambarth.com>
- Date: Mon, 14 Dec 2009 10:16:29 -0800
- To: Jonathan Rees <jar@creativecommons.org>
- Cc: Maciej Stachowiak <mjs@apple.com>, "Mark S. Miller" <erights@google.com>, Jonas Sicking <jonas@sicking.cc>, Arthur Barstow <Art.Barstow@nokia.com>, Tyler Close <tyler.close@gmail.com>, Ian Hickson <ian@hixie.ch>, Anne van Kesteren <annevk@opera.com>, public-webapps <public-webapps@w3.org>
On Mon, Dec 14, 2009 at 5:53 AM, Jonathan Rees <jar@creativecommons.org> wrote: > The only complaint I know of regarding UM is that it is so complicated > to use in practice that it will not be as enabling as CORS Actually, Tyler's UM protocol requires the user to confirm message 5 to prevent a CSRF attack. Maciej's CORS version of the protocol requires no such user confirmation. I think it's safe to say that asking the user to confirm security-critical operations is not a good approach. > Regarding the idea that UM is unproven or undeployed - I think this is > a peculiar charge given that object-oriented programming dates from > 1967, and actors date from 1973; and current use of the capability > pattern, for example in email list validation, shared calendar access > control, and CSRF defense (Mark can probably provide many other and > better examples), *is* something we can build on. Ocaps have been > essentially unchanged for 40 years, with essentially no elaboration or > revision despite heavy stress testing. AFAIK the academic and > practical security communities have not converged on any distributed > (i.e. multilateral) access control system *other* than capabilities. You're really overstating your case to the point where it's ridiculous. Adam
Received on Monday, 14 December 2009 18:17:22 UTC