Suggested additions to TAG working draft on Capability URLs

At its July 2014 F2F the TAG kindly invited me to participate in the 
discussion of Capability URLs [1]. I took an action to propose some 
additional text for the introductory sections, and especially to illustrate 
with examples the risks of unintended URL disclosure.

I apologize for having taken so long, but I have now drafted some proposed 
changes. Since I don't believe I have permission to push to the shared Git 
repo for this document (or maybe my Git foo is just insufficient), I have 
put up a draft at [2]. I strongly suggest that this be moved to some space 
that's under the TAG's control so there will be a stable copy for discussion.

Summary of changes included in [2]:

* Introduction: One line addition to list of topics described (added: 
"Issues relating to keeping URLs secret")

* What was section 4.1 is renumbered as 4.1.1 and titled "Exposure Risk 
Analysis". The text in that section is otherwise unchanged.

* A new section 4.1.2 provides two concrete examples of scenarios in which 
exposure might be a problem, illustrating mechanisms by which the URLs can leak.

* In the existing section on application design, the sentence introducing 
suggested good practices is replaced with: "The sections above on Risks of 
Exposure [link] highlight the challenges of protecting Capability URLs from 
unintended discovery. When considering use of Capability URLs it is 
essential to ensure that such risks can be sufficiently mitigated to 
provide the security required for each particular application. The 
following techniques are recommended and will in many cases provide 
adequate security:" (the list of suggested good practices is unchanged).

Of course, I welcome editorial changes or other improvements, but I 
strongly feel that some change along these lines is essential if the 
document is to provide balanced advice.

In any case, I hope that these changes are helpful to the TAG in advancing 
this important work.

Noah

[1] http://www.w3.org/2001/tag/2014/07/23-f2f-minutes.html#capability
[2] http://www.eecs.tufts.edu/~noah/w3c/capability-urls/2014-09-27-Noah.html
[3] http://www.w3.org/TR/capability-urls/

P.S. on HTML plumbing of the document: The changes are all marked with CSS 
class="noah" and are thus easy to find (in one case I had to use 
class='noah' to keep respec happy), and that class is rendering in magenta. 
So, skim for purple text and you'll find it. The changes were based on 
index.html [3] as checked into the Github repo on the evening of 9/27/2014. Also, 
the only examples I could find were formatted <pre class="example">, so I 
used that, even though <p class="example"> would be more appropriate for 
the new ones.

Received on Sunday, 28 September 2014 03:16:09 UTC