- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Thu, 8 Sep 2022 14:49:25 -0400
- To: "W3C Credentials CG (Public List)" <public-credentials@w3.org>

On Thu, Sep 8, 2022 at 2:31 PM David Chadwick <d.w.chadwick@truetrust.co.uk> wrote:
> Thus I conclude that the whole confused deputy argument for why capabilities are better than credentials is a spurious one.

David, you seem to be re-defining the precise language Alan is using to describe the problem and the solution with your own definitions (which are ill defined). The terms he is using have formal definitions in computer science, some of which can be found here:

https://en.wikipedia.org/wiki/Confused_deputy_problem
https://en.wikipedia.org/wiki/Ambient_authority
https://en.wikipedia.org/wiki/Capability-based_security
https://en.wikipedia.org/wiki/Object-capability_model

You need to assert that either:

1) Your solution binds an unforgeable reference to a resource with the operation to be performed (and thus IS a capability), or
2) It doesn't do #1, but addresses the confused deputy and ambient authority problems in some other way.

So, let's start there, are you arguing for a non-capabilities based system to be expressed using Verifiable Credentials? If so, how are you solving for (at the very least) ambient authority and confused deputy?

-- manu

--
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
News: Digital Bazaar Announces New Case Studies (2021)
https://www.digitalbazaar.com/
Received on Thursday, 8 September 2022 18:50:14 UTC
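
The distinction the message above draws between ambient authority and a capability, shown as an added example that is not part of the original e-mail or of any project it mentions. The compiler/billing-log scenario, the ACL contents, the key and all function names are constructed for illustration, and an HMAC tag stands in for the "unforgeable reference" as an assumption.

```python
import hashlib
import hmac

# Constructed sample data: identity-based ACL (authority is ambient to the caller's identity).
ACL = {
    ("compiler", "/billing.log", "write"),  # the deputy's own authority
    ("compiler", "/out/a.o", "write"),
    ("alice", "/out/a.o", "write"),         # alice has no entry for /billing.log
}
SERVER_KEY = b"constructed-demo-key"  # assumption: known only to the resource server


def acl_allows(identity, path, op):
    """Identity-based check: any authority the identity holds can be exercised."""
    return (identity, path, op) in ACL


def deputy_ambient(client_supplied_path):
    """Deputy writes under its OWN identity to a path the client merely names."""
    return acl_allows("compiler", client_supplied_path, "write")


def _tag(path, op):
    return hmac.new(SERVER_KEY, f"{op}\n{path}".encode(), hashlib.sha256).hexdigest()


def mint(path, op):
    """Resource server issues a token binding one resource to one operation."""
    return {"path": path, "op": op, "tag": _tag(path, op)}


def invoke(cap, op):
    """Server-side check: the token both designates the resource and authorizes op."""
    return hmac.compare_digest(_tag(cap["path"], cap["op"]), cap["tag"]) and cap["op"] == op


def deputy_capability(client_cap):
    """Deputy writes using only the authority the client handed over."""
    return invoke(client_cap, "write")
```

With the ACL, `deputy_ambient("/billing.log")` succeeds even though the requesting client holds no right to that file; with capabilities, the client can only pass a token it was actually issued, and editing the token's path invalidates the tag.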