Re: [cors] TAG request concerning CORS & Next Step(s) from Mark S. Miller on 2009-06-25 (public-webapps@w3.org from April to June 2009)

From: Mark S. Miller <erights@google.com>
Date: Wed, 24 Jun 2009 18:53:43 -0700
To: Anne van Kesteren <annevk@opera.com>
Cc: Arthur Barstow <Art.Barstow@nokia.com>, public-webapps <public-webapps@w3.org>, Henry Thompson <ht@inf.ed.ac.uk>
Message-ID: <4d2fac900906241853v7970e6d3i760049880e2a7487@mail.gmail.com>

On Wed, Jun 24, 2009 at 6:39 PM, Mark S. Miller <erights@google.com> wrote:

>
> [1] See for example the section on confused deputy in <
> http://srl.cs.jhu.edu/pubs/SRL2003-02.pdf>. I thought David Wagner's
> Google techtalk explained "ambient authority" especially clearly <David
> Wagner's Google techtalk>. Tyler's "ACLs Don't" <David Wagner's Google
> techtalk> explains well how these problems translate into a web context.
> Kragen Sitaker's <
> http://lists.canonical.org/pipermail/kragen-tol/2000-August/000619.html>
> is still worth reading for more than historic interest. Nine years later, we
> are still discussing "defenses" that don't address the original problem.
>
>
Oops. Weird copy-paste error.

David Wagner's Google techtalk is at <
http://www.youtube.com/watch?v=EGX2I31OhBE>.
Tyler's "ACLs Don't" is at <http://waterken.sourceforge.net/aclsdont/>.

-- 
   Cheers,
   --MarkM

Received on Thursday, 25 June 2009 01:54:22 UTC