- From: Kingsley Idehen <kidehen@openlinksw.com>
- Date: Thu, 27 Sep 2012 09:36:30 -0400
- To: Ben Laurie <benl@google.com>
- CC: public-webid@w3.org
- Message-ID: <5064565E.1020702@openlinksw.com>
On 9/27/12 7:26 AM, Ben Laurie wrote:
>>> So, the point is this: object capabilities are a security mechanism,
>>> like ACLs. Their purpose is to restrict access to resources to only
>>> the intended accessors.
>>
>> A security mechanism can be an object capability.
>
> What do you mean by this?

There is a relationship between a resource owner entity, a document entity, and an ACL rule (another entity) that enables resource access control, which in my world view is a capability.

>>> With URIs, there are two obvious ways to implement this:
>>>
>>> 1. Make the URIs unguessable - so, I only get access to the resource
>>> if someone tells me the URI.
>>
>> Yes. Also remember that if privacy is about self-calibration of one's
>> vulnerabilities then the resource publisher is the URI progenitor. These
>> days, URI creation, discovery, and propagation will occur via tweets, SMS,
>> blog posts, email etc. Increasingly, folks will discover URIs
>> serendipitously.
>>
>>> 2. Link the URI to a public key - so, I only get access to the
>>> resource if I can prove I have the corresponding private key.
>>>
>>> The problem with 1 is that the nature of URIs makes it hard to keep
>>> them secret.
>>
>> They should never be secret. Just like keeping email addresses secret is a
>> flaw that reflects folks accepting system deficiency etc.
>
> Well, if they are not secret, then you do not get the security benefit
> and you end up having to use ACLs, which makes you vulnerable to the
> confused deputy problem.

Only in a totalitarian state.

>>> People like to send them in emails and IMs and they leak
>>> quite easily.
>>
>> See comment above.
>>
>>> The problem with 2 (which, it should be obvious, fits quite neatly
>>> with WebIDs) is that it requires changes to clients and servers to do
>>> the key proof. Or maybe not, actually ... I guess it could be done at
>>> the back end, wherever you do ACL checks, by instead correlating the
>>> URI and the key presented in the WebID cert.
>>
>> Yes, and that's what those of us showcasing WebID based ACLs are doing. We
>> are leveraging existing technology supported by browsers, email clients
>> etc.
>
> You are showcasing ACLs, which, as I have said, have not served us
> well, and have known problems.

Put the letters A-C-L aside, I am demonstrating the ability to constrain access to data based on logic. I don't simply have a list of WebIDs or WebIDs for groups. I have actual query logic at my disposal too re. this capability. Said query logic is webby i.e., it works transitively over the Giant Global Graph (GGG) that is the Web.

-- 
Regards,

Kingsley Idehen
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen
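The back-end check Ben sketches for option 2, correlating the URI in the client certificate with the key published at that URI before the ACL is consulted, as an added illustration that is not code from either poster or from any WebID implementation. It assumes the W3C cert vocabulary (cert:key, cert:modulus, cert:exponent), a constructed in-memory profile for the hypothetical WebID https://example.org/alice#me in place of a real HTTP fetch, and a simplified view of the certificate (SAN URIs, RSA modulus, exponent) as handed over by the TLS layer, which has already proven possession of the private key.

```python
from dataclasses import dataclass

CERT_NS = "http://www.w3.org/ns/auth/cert#"

# Constructed sample data: the WebID profile document that dereferencing
# https://example.org/alice#me would return, flattened to (subject, predicate, object)
# triples. A real verifier fetches and parses Turtle/RDFa; that fetch is stubbed here.
PROFILES = {
    "https://example.org/alice#me": [
        ("https://example.org/alice#me", CERT_NS + "key", "_:k1"),
        ("_:k1", CERT_NS + "modulus", "00CAFEBABE 1234ABCD"),  # xsd:hexBinary; spaces/leading zeros occur
        ("_:k1", CERT_NS + "exponent", "65537"),
    ],
}

@dataclass
class ClientCert:
    """What the TLS layer hands the back end from the client certificate (constructed shape)."""
    san_uris: list       # subjectAltName URI entries; a WebID cert may list several
    modulus_hex: str     # RSA modulus of the cert's public key, as hex
    exponent: int

def norm_modulus(hexstr: str) -> str:
    """Canonicalise a hexBinary modulus: drop whitespace/colons, lowercase, strip leading zeros."""
    return "".join(hexstr.split()).replace(":", "").lower().lstrip("0")

def key_matches_profile(webid: str, cert: ClientCert) -> bool:
    """Option 2 from the thread: the presented key must be one the profile at the URI publishes."""
    triples = PROFILES.get(webid, [])
    keys = [o for s, p, o in triples if s == webid and p == CERT_NS + "key"]
    for k in keys:
        mods = {norm_modulus(o) for s, p, o in triples if s == k and p == CERT_NS + "modulus"}
        exps = {int(o) for s, p, o in triples if s == k and p == CERT_NS + "exponent"}
        if norm_modulus(cert.modulus_hex) in mods and cert.exponent in exps:
            return True
    return False

def authenticate(cert: ClientCert):
    """Return the first SAN URI whose profile vouches for the presented key, else None.
    The cert's SAN is only a claim; the profile lookup is what binds URI to key."""
    for uri in cert.san_uris:
        if uri.startswith(("http://", "https://")) and key_matches_profile(uri, cert):
            return uri
    return None

def authorize(webid, acl: set) -> bool:
    """The ACL check done 'wherever you do ACL checks': only a key-proven WebID is consulted."""
    return webid is not None and webid in acl
```

A certificate that names a WebID whose profile does not list its key authenticates as nobody, so the ACL never sees the claimed URI.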
Attachments
- application/pkcs7-signature attachment: S/MIME Cryptographic Signature
Received on Thursday, 27 September 2012 13:37:05 UTC