Re: WebID questions -- was: [dane] Call for Adoption: "Using Secure DNS to Associate Certificates with Domain Names For S/MIME"

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Thu, 27 Sep 2012 09:36:30 -0400
Message-ID: <5064565E.1020702@openlinksw.com>
To: Ben Laurie <benl@google.com>
CC: public-webid@w3.org

On 9/27/12 7:26 AM, Ben Laurie wrote:
>>> So, the point is this: object capabilities are a security mechanism,
>>> like ACLs. Their purpose is to restrict access to resources to only
>>> the intended accessors.
>>
>> A security mechanism can be an object capability.
> What do you mean by this?

There is a relationship between a resource owner entity, a document
entity, and an ACL rule (another entity) that enables resource access
control, which in my world view is a capability.

>>> With URIs, there are two obvious ways to implement this:
>>>
>>> 1. Make the URIs unguessable - so, I only get access to the resource
>>> if someone tells me the URI.
>>
>> Yes. Also remember that if privacy is about self-calibration of one's
>> vulnerabilities then the resource publisher is the URI progenitor. These
>> days, URI creation, discovery, and propagation will occur via tweets, sms,
>> blog posts, email etc. Increasingly, folks will discover URIs
>> serendipitously.
>>
>>> 2. Link the URI to a public key - so, I only get access to the
>>> resource if I can prove I have the corresponding private key.
>>>
>>> The problem with 1 is that the nature of URIs makes it hard to keep
>>> them secret.
>>
>> They should never be secret. Just like keeping email addresses secret is a
>> flaw that reflects folks accepting system deficiency etc.
> Well, if they are not secret, then you do not get the security benefit
> and you end up having to use ACLs, which makes you vulnerable to the
> confused deputy problem.

Only in a totalitarian state.

>>> People like to send them in emails and IMs and they leak
>>> quite easily.
>>
>> See comment above.
>>
>>> The problem with 2 (which, it should be obvious, fits quite neatly
>>> with WebIDs) is that it requires changes to clients and servers to do
>>> the key proof. Or maybe not, actually ... I guess it could be done at
>>> the back end, wherever you do ACL checks, by instead correlating the
>>> URI and the key presented in the WebID cert.
>>
>> Yes, and that's what those of us showcasing WebID based ACLs are doing. We
>> are leveraging existing technology supported by browsers, email clients
>> etc.
> You are showcasing ACLs, which, as I have said, have not served us
> well, and have known problems.

Put the letters A-C-L aside, I am demonstrating the ability to constrain
access to data based on logic. I don't simply have a list of WebIDs or
WebIDs for groups. I have actual query logic at my disposal too re.,
this capability. Said query logic is webby i.e., it works transitively
over the Giant Global Graph (GGG) that is the Web.



Kingsley Idehen	
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen

Received on Thursday, 27 September 2012 13:37:05 UTC
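
The two URI-based options quoted in this message (an unguessable URI, and a URI linked to a public key that is checked at the back end), sketched as an added example; it is not code from either correspondent or from any WebID implementation. The class and function names, the `example.org` URIs and the placeholder key bytes are assumptions constructed for illustration, and proof of private-key possession is assumed to have happened in the TLS client-certificate handshake.

```python
import hashlib
import hmac
import secrets

def mint_capability_uri(base: str) -> str:
    """Option 1: the URI itself is the secret (256 random bits in the path)."""
    return f"{base}/{secrets.token_urlsafe(32)}"

def capability_uri_allows(requested_uri: str, issued_uri: str) -> bool:
    # Bearer semantics: anyone who holds the exact URI is let in.
    return hmac.compare_digest(requested_uri.encode(), issued_uri.encode())

def key_fingerprint(public_key_bytes: bytes) -> str:
    return hashlib.sha256(public_key_bytes).hexdigest()

class KeyBoundResources:
    """Option 2: each URI is linked to the public keys allowed to fetch it."""

    def __init__(self) -> None:
        self._bound: dict[str, set[str]] = {}

    def bind(self, uri: str, public_key_bytes: bytes) -> None:
        self._bound.setdefault(uri, set()).add(key_fingerprint(public_key_bytes))

    def allows(self, uri: str, presented_key_bytes: bytes) -> bool:
        # Assumption: the TLS client-certificate handshake has already proved
        # that the caller holds the private key for presented_key_bytes.
        presented = key_fingerprint(presented_key_bytes)
        return any(hmac.compare_digest(presented, fp)
                   for fp in self._bound.get(uri, ()))

def leaked_uri_outcomes() -> dict[str, bool]:
    """What a forwarded URI is worth under each option (constructed data)."""
    owner_key = b"constructed-owner-public-key"  # placeholder, not real DER
    other_key = b"constructed-other-public-key"  # placeholder, not real DER
    base = "https://example.org/doc"
    secret_uri = mint_capability_uri(base)
    public_uri = base + "/report"
    store = KeyBoundResources()
    store.bind(public_uri, owner_key)
    return {
        "option1_forwarded_uri": capability_uri_allows(secret_uri, secret_uri),
        "option1_guessed_uri": capability_uri_allows(mint_capability_uri(base), secret_uri),
        "option2_owner_key": store.allows(public_uri, owner_key),
        "option2_uri_without_key": store.allows(public_uri, other_key),
    }
```

Under option 1 a forwarded URI is sufficient on its own, while under option 2 the URI can circulate openly because the decision rests on the key presented with the request.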
