Webkeys vs the web

From Erights

(Difference between revisions)
(Just the stub.)
(Put in lots of stub sections.)
Line 1: Line 1:
Chip Morningstar started [[http://www.eros-os.org/pipermail/cap-talk/2009-March/012406.html this thread]] on the cap-talk mailing list.
Chip Morningstar started [[http://www.eros-os.org/pipermail/cap-talk/2009-March/012406.html this thread]] on the cap-talk mailing list.
-
This article on the ERights wiki is...a nice clean whiteboardYou can help by scribbling all over it.
+
== The problem ==
 +
 
 +
"No!  That isn't what I meant!"
 +
 
 +
== Use- and Abuse-Cases ==
 +
 
 +
For each: how does it come up?  How to enable or prevent?
 +
 
 +
* [[http://en.wikipedia.org/wiki/Clickjacking Clickjacking]]
 +
* Process of purposely giving away a powerful key?
 +
* Get a powerful key, accidentally email to the wrong person.
 +
* Process of receiving a powerful key
 +
* What's the equivalent of the file-open dialog box?
 +
 
 +
== Browser properties needed ==
 +
 
 +
Are current browsers' basic abilities sufficient?  Maybe with existing plugins?  If not, what bits of software have to be there, or what pernicious bits need to be removed?
 +
 
 +
== What do users assume?  How do they behave? ==
 +
 
 +
== What do developers assume?  How do they behave? ==
 +
 
 +
Does security depend on developers never copy-and-pasting the wrong, but intuitive bit of Javascript or HTML?
 +
 
 +
== Larger infrastructure ==
 +
 
 +
Mention Waterken.
 +
 
 +
If users give away powerful capabilities on purpose, then how are the following managed?
 +
  * Friends' identities
 +
  *  Capabilities that have been handed out
 +
 
 +
== Code samples ==
 +
 
 +
Might want to put some advice about how to quote HTML and Javascript code here.
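
Review bot: The external links use doubled square brackets, both on the added Clickjacking bullet (`[[http://en.wikipedia.org/wiki/Clickjacking Clickjacking]]`) and on the unchanged first line. MediaWiki reserves `[[...]]` for internal links, so these render with literal brackets around the link text; use single brackets instead. Also, the two bullets under "Larger infrastructure" start with spaces before the `*`, which MediaWiki treats as preformatted text rather than a list, so they should start at column one like the bullets under "Use- and Abuse-Cases".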

Revision as of 17:45, 12 April 2009

Chip Morningstar started this thread (http://www.eros-os.org/pipermail/cap-talk/2009-March/012406.html) on the cap-talk mailing list.

The problem

"No! That isn't what I meant!"

Use- and Abuse-Cases

For each: how does it come up? How to enable or prevent?

* Clickjacking (http://en.wikipedia.org/wiki/Clickjacking)
* Process of purposely giving away a powerful key?
* Get a powerful key, accidentally email to the wrong person.
* Process of receiving a powerful key
* What's the equivalent of the file-open dialog box?

Browser properties needed

Are current browsers' basic abilities sufficient? Maybe with existing plugins? If not, what bits of software have to be there, or what pernicious bits need to be removed?

What do users assume? How do they behave?

What do developers assume? How do they behave?

Does security depend on developers never copying and pasting the wrong but intuitive bit of JavaScript or HTML?

Larger infrastructure

Mention Waterken.

If users give away powerful capabilities on purpose, then how are the following managed?

* Friends' identities
* Capabilities that have been handed out

Code samples

Might want to put some advice about how to quote HTML and JavaScript code here.
