- From: Ben Laurie <benl@google.com>
- Date: Wed, 26 Sep 2012 16:48:29 +0100
- To: Kingsley Idehen <kidehen@openlinksw.com>
- Cc: Henry Story <henry.story@bblfish.net>, "public-webid@w3.org" <public-webid@w3.org>, Andrei Sambra <andrei@fcns.eu>
On 26 September 2012 14:24, Kingsley Idehen <kidehen@openlinksw.com> wrote: > On 9/26/12 8:06 AM, Ben Laurie wrote: >> >> http://en.wikipedia.org/wiki/Object-capability_model gives an overview. > > > The item above was enough. That's what Linked Data facilitates, at > Web-scale, due to underlying architecture of the world wide web. > > You have data object resources. Each is identified using a de-referencable > URI. The representation of a data object is a graph, its been so forever, > and long before Web ubiquity. > > Once we put the terminology distractions aside, you'll find that your object > capabilities == my acls :-) No, the point you are missing is that in capabilities the _only_ authority I need to access a resource is the name of that resource - the URI in your case. Security derives from the unforgeability of the URI, rather than an independent system that decides if some principal has permission. The problem that best shows the critical difference betweens caps and ACLs is the confused deputy problem: http://en.wikipedia.org/wiki/Confused_deputy_problem.
Received on Wednesday, 26 September 2012 15:49:03 UTC