Re: [UMP] Proxy-Authorization

On Jan 12, 2010, at 12:29 PM, Adam Barth wrote:

> On Tue, Jan 12, 2010 at 10:51 AM, Tyler Close <tyler.close@gmail.com> wrote:
>> It's not feasible to remove all ambient authority. For example, the
>> client has the authority to send requests from its IP address. So we
>> draw a line between network connectivity and issued credentials. Proxy
>> credentials provide network connectivity.
>>
>> Also, as a practical matter, disallowing Proxy-Authorization might
>> inhibit use of UMP, since a resource author would be concerned about
>> the loss of users who are required to use a proxy.
>
> Right, this is the essential point: whether we should remove a piece
> of ambient authority is a risk management decision.  Instead of
> dogmatically stomping out all forms of ambient authority, we ought to
> weigh the costs of removing the authority (in this case compatibility
> issues with existing proxy deployments) with the benefits (greater
> resilience to a class of vulnerabilities).
>
> The reason we have different beliefs about whether CORS or UMP is a
> better protocol is because we perceive the risks and rewards
> differently.  Ultimately, authors are in a better position to weigh
> these factors than we are, which is why we should provide both APIs.

+1

  - Maciej

Received on Tuesday, 12 January 2010 21:24:56 UTC