
Re: Scientific Literature on Capabilities (was Re: CORS versus Uniform Messaging?)

From: Tyler Close <tyler.close@gmail.com>
Date: Mon, 14 Dec 2009 16:52:39 -0800
Message-ID: <5691356f0912141652n213854cbi76a877b17b4b54b0@mail.gmail.com>
To: Maciej Stachowiak <mjs@apple.com>
Cc: "Mark S. Miller" <erights@google.com>, Adam Barth <w3c@adambarth.com>, Jonas Sicking <jonas@sicking.cc>, Arthur Barstow <Art.Barstow@nokia.com>, Ian Hickson <ian@hixie.ch>, Anne van Kesteren <annevk@opera.com>, public-webapps <public-webapps@w3.org>
On Sun, Dec 13, 2009 at 6:15 PM, Maciej Stachowiak <mjs@apple.com> wrote:
> There seem to be two schools of thought that to some extent inform the
> thinking of participants in this discussion:
> 1) Try to encourage capability-based mechanisms by not providing anything
> that lets you extend the use of origins and cookies.
> 2) Try to build on the model that already exists and that we are likely
> stuck with, and provide practical ways to mitigate its risks.

My own perspective on this is:
3) In scenarios involving more than 2 parties, the ACL model is
inherently vulnerable to CSRF-like problems. So, for cross-origin
scenarios, a non-ACL model solution is needed.

The above is a purely practical perspective. When writing or auditing
code, UM provides a way to eliminate an entire class of attacks. I
view it the same way I do moving from C to a memory safe language to
avoid buffer overflow and related attacks.

--Tyler

-- 
"Waterken News: Capability security on the Web"
http://waterken.sourceforge.net/recent.html
Received on Tuesday, 15 December 2009 00:53:21 GMT
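
The three-party case from point 3 of the message above, sketched as an added example (not part of the original message, and not the UM or CORS API). The servers, paths and `deputy`/`caller` names are hypothetical: a deputy writes to a destination named by its caller, once against a server that authorizes by requester identity and once against a server where an unguessable URL is the permission.

```javascript
// Constructed three-party model: resource server, deputy, and the deputy's caller.
// All names and paths are hypothetical; this is not the UM or CORS API.
const webcrypto = globalThis.crypto || require('crypto').webcrypto;

// ACL style: the server decides from WHO is asking (an ambient credential).
function makeAclServer(acl) {
  const store = new Map();
  const handle = ({ credential, path, body }) => {
    if (!(acl[path] || []).includes(credential)) return 403;
    store.set(path, body);
    return 200;
  };
  return { store, handle };
}

// Capability style: the request carries no identity; an unguessable URL is the permission.
function makeCapServer() {
  const store = new Map(), caps = new Map();
  const grant = (path) => {
    const bytes = webcrypto.getRandomValues(new Uint8Array(16));
    const url = '/cap/' + Array.from(bytes, b => b.toString(16).padStart(2, '0')).join('');
    caps.set(url, path);
    return url;
  };
  const handle = ({ url, body }) => {
    if (!caps.has(url)) return 403;
    store.set(caps.get(url), body);
    return 200;
  };
  return { store, grant, handle };
}

// The deputy writes a report to a destination named by its caller.
const deputyAcl = (server, dest) => server.handle({ credential: 'deputy', path: dest, body: 'report' });
const deputyCap = (server, destUrl) => server.handle({ url: destUrl, body: 'report' });

function aclScenario() {
  const server = makeAclServer({ '/deputy/billing': ['deputy'], '/caller/out': ['caller', 'deputy'] });
  server.store.set('/deputy/billing', 'ledger');
  // The caller names a path it could not write itself; the deputy's credential authorizes it.
  const status = deputyAcl(server, '/deputy/billing');
  return { status, billing: server.store.get('/deputy/billing') };
}

function capScenario() {
  const server = makeCapServer();
  server.store.set('/deputy/billing', 'ledger');
  server.grant('/deputy/billing');                 // held by the deputy only, never given to the caller
  const callerOut = server.grant('/caller/out');   // the only permission the caller holds
  const guessed = deputyCap(server, '/cap/' + '0'.repeat(32)); // caller cannot name the billing cap
  const legit = deputyCap(server, callerOut);
  return { guessed, legit, billing: server.store.get('/deputy/billing'), out: server.store.get('/caller/out') };
}
```

In the ACL run the server cannot tell on whose behalf the deputy is writing, so the ledger is overwritten; in the capability run the caller can only designate what it is already permitted to use.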
