W3C home > Mailing lists > Public > public-webid@w3.org > September 2012

Re: WebID questions -- was: [dane] Call for Adoption: "Using Secure DNS to Associate Certificates with Domain Names For S/MIME"

From: Ben Laurie <benl@google.com>
Date: Wed, 26 Sep 2012 16:48:29 +0100
Message-ID: <CABrd9SQs9+nYtEJ+RDixiYnD0NNRyDB5dp-aE6MziCr=toOQQA@mail.gmail.com>
To: Kingsley Idehen <kidehen@openlinksw.com>
Cc: Henry Story <henry.story@bblfish.net>, "public-webid@w3.org" <public-webid@w3.org>, Andrei Sambra <andrei@fcns.eu>
On 26 September 2012 14:24, Kingsley Idehen <kidehen@openlinksw.com> wrote:
> On 9/26/12 8:06 AM, Ben Laurie wrote:
>> http://en.wikipedia.org/wiki/Object-capability_model  gives an overview.
> The item above was enough. That's what Linked Data facilitates, at
> Web-scale, due to underlying architecture of the world wide web.
> You have data object resources. Each is identified using a de-referencable
> URI.  The representation of a data object is a graph, its been so forever,
> and long before Web ubiquity.
> Once we put the terminology distractions aside, you'll find that your object
> capabilities == my acls :-)

No, the point you are missing is that in capabilities the _only_
authority I need to access a resource is the name of that resource -
the URI in your case. Security derives from the unforgeability of the
URI, rather than an independent system that decides if some principal
has permission.

The problem that best shows the critical difference betweens caps and
ACLs is the confused deputy problem:
Received on Wednesday, 26 September 2012 15:49:03 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:54:35 UTC