Re: [UMP] Proxy-Authorization

On Tue, Jan 12, 2010 at 3:04 PM, Adam Barth <> wrote:
> On Tue, Jan 12, 2010 at 1:59 PM, Tyler Close <> wrote:
>> On Tue, Jan 12, 2010 at 12:29 PM, Adam Barth <> wrote:
>>> On Tue, Jan 12, 2010 at 10:51 AM, Tyler Close <> wrote:
>>>> It's not feasible to remove all ambient authority. For example, the
>>>> client has the authority to send requests from its IP address. So we
>>>> draw a line between network connectivity and issued credentials. Proxy
>>>> credentials provide network connectivity.
>>>> Also, as a practical matter, disallowing Proxy-Authorization might
>>>> inhibit use of UMP, since a resource author would be concerned about
>>>> the loss of users who are required to use a proxy.
>>> RIght, this is the essential point: whether we should remove a piece
>>> of ambient authority is a risk management decision.  Instead of
>>> dogmatically stomping out all forms of ambient authority,
>> Are you really accusing me of being dogmatic, or is this just more of
>> your hyperbole?
> Quite to the contrary, you're *not* being dogmatic, which is my point.
>  We ought not to be dogmatic about banning ambient authority because,
> as you say, that's impractical.  Instead we ought to consider the
> risks and rewards on a case-by-case basis.
>> Your arguments are frequently misleading because their
>> reasoning relies upon your use of hyperbole. In this case, by
>> characterizing my argument as dogma, you avoid addressing the
>> distinction I've drawn between network connectivity and credentials
>> issued by a resource host. I think it's a principled and useful
>> distinction and have explained why. Instead of logic, you respond with
>> hyperbole.
> I'm not sure what you mean by hyperbole, but I agree with you that
> there's a distinction between network connectivity and credentials
> issued by a resource host.  Credentials issued by a resource host are
> both higher risk and higher benefit than network connectivity
> credentials.  How these risks and benefits balance varies depending on
> the deployment scenario.

Thank you for addressing this distinction.

Hyperbole is extreme and misleading exaggeration. In some cases, your
arguments take the form of presenting a choice between your position
and an obviously ridiculous position. For example, above you say we
must choose between a case-by-case approach and a dogmatic approach.
Such arguments preclude the existence of a third way that is not
ridiculous. In the above case, I am advocating such a third way. I
think we can take a principled approach that establishes the criteria
by which we decide what ambient authority is allowed: network
connectivity versus credentials issued by a resource host. The
advantage of a principled approach versus a case-by-case approach is
that it establishes the goal to be achieved and so creates a coherent
policy that others can implement to. In contrast, the Same Origin
Policy was clearly defined on a case-by-case basis and so has become

The form of argument you used in this case is known as a "false
dichotomy". Please refrain from using this tactic. It is deceptive. Be
careful whenever you engage in exaggeration. It is always misleading,
and often rude.

>> Even if we put out two APIs, one will become dominant.
> Right, the market will decide which protocol is most useful (i.e.,
> creates the most value).  That seems like a good thing.

That would abdicate our responsibility as a standards body. If that's
the best we can accomplish in this case, then so be it. It is not what
we should be aiming for. Sometimes, choosing a standard way creates
the most value. I believe this is one of those cases.


"Waterken News: Capability security on the Web"

Received on Wednesday, 13 January 2010 01:22:59 UTC