Webkeys vs the web
From Erights
(Put in lots of stub sections.) |
(Asking how to make subsections instead of bulleted list.) |
||
(One intermediate revision not shown) | |||
Line 1: | Line 1: | ||
- | + | This page is a [[Whiteboards|whiteboard]] about [[http://www.eros-os.org/pipermail/cap-talk/2009-March/012406.html this thread]] that Chip Morningstar started on the cap-talk mailing list. | |
== The problem == | == The problem == | ||
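Review bot: the external link on the added line is written with double square brackets, [[http://www.eros-os.org/pipermail/cap-talk/2009-March/012406.html this thread]], which is MediaWiki's internal-link syntax. External links take single brackets, and the rendered revision shows the leftover brackets as "[this thread]". Suggest [http://www.eros-os.org/pipermail/cap-talk/2009-March/012406.html this thread]. The [[Whiteboards|whiteboard]] link is an internal link and is fine as written.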
Line 8: | Line 8: | ||
For each: how does it come up? How to enable or prevent? | For each: how does it come up? How to enable or prevent? | ||
+ | |||
+ | Doh, these should be subsections instead of a bulleted list, would appreciate if someone | ||
+ | can make them so. | ||
* [[http://en.wikipedia.org/wiki/Clickjacking Clickjacking]] | * [[http://en.wikipedia.org/wiki/Clickjacking Clickjacking]] | ||
- | * | + | * Meant to show friend how to withdraw from ''her'' bank account. |
* Get a powerful key, accidentally email to the wrong person. | * Get a powerful key, accidentally email to the wrong person. | ||
+ | * Process of purposely giving away a powerful key? | ||
* Process of receiving a powerful key | * Process of receiving a powerful key | ||
* What's the equivalent of the file-open dialog box? | * What's the equivalent of the file-open dialog box? |
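Review bot: the two added lines beginning "Doh, these should be subsections" put an editing request into the article body, where it shows up in the rendered page. It would sit better on the talk page, or could be resolved directly by giving each bullet its own === subsection === heading. The unchanged Clickjacking bullet in this hunk also wraps an external URL in double brackets, so it renders as "[Clickjacking]"; single brackets would fix that.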
Latest revision as of 18:15, 12 April 2009
This page is a whiteboard about this thread (http://www.eros-os.org/pipermail/cap-talk/2009-March/012406.html) that Chip Morningstar started on the cap-talk mailing list.
The problem
"No! That isn't what I meant!"
Use- and Abuse-Cases
For each: how does it come up? How to enable or prevent?
Doh, these should be subsections instead of a bulleted list, would appreciate if someone can make them so.
* Clickjacking (http://en.wikipedia.org/wiki/Clickjacking)
* Meant to show friend how to withdraw from her bank account.
* Get a powerful key, accidentally email to the wrong person.
* Process of purposely giving away a powerful key?
* Process of receiving a powerful key
* What's the equivalent of the file-open dialog box?
Browser properties needed
Are current browsers' basic abilities sufficient? Maybe with existing plugins? If not, what bits of software have to be there, or what pernicious bits need to be removed?
What do users assume? How do they behave?
What do developers assume? How do they behave?
Does security depend on developers never copying and pasting the wrong but intuitive bit of JavaScript or HTML?
Larger infrastructure
Mention Waterken.
If users give away powerful capabilities on purpose, then how are the following managed?
* Friends' identities
* Capabilities that have been handed out
Code samples
Might want to put some advice about how to quote HTML and JavaScript code here.