From Erights
(Difference between revisions)
|
|
Line 1: |
Line 1: |
- | This page is a [[Whiteboards|whiteboard]] about [[http://www.eros-os.org/pipermail/cap-talk/2009-March/012406.html this thread]] that Chip Morningstar started on the cap-talk mailing list.
| + | Chip Morningstar started [[http://www.eros-os.org/pipermail/cap-talk/2009-March/012406.html this thread]] on the cap-talk mailing list. |
| | | |
- | == The problem ==
| + | This article on the ERights wiki is...a nice clean whiteboard. You can help by scribbling all over it. |
- | | + | |
- | "No! That isn't what I meant!"
| + | |
- | | + | |
- | == Use- and Abuse-Cases ==
| + | |
- | | + | |
- | For each: how does it come up? How to enable or prevent?
| + | |
- | | + | |
- | Doh, these should be subsections instead of a bulleted list, would appreciate if someone
| + | |
- | can make them so.
| + | |
- | | + | |
- | * [[http://en.wikipedia.org/wiki/Clickjacking Clickjacking]]
| + | |
- | * Meant to show friend how to withdraw from ''her'' bank account.
| + | |
- | * Get a powerful key, accidentally email to the wrong person.
| + | |
- | * Process of purposely giving away a powerful key? | + | |
- | * Process of receiving a powerful key
| + | |
- | * What's the equivalent of the file-open dialog box?
| + | |
- | | + | |
- | == Browser properties needed ==
| + | |
- | | + | |
- | Are current browsers' basic abilities sufficient? Maybe with existing plugins? If not, what bits of software have to be there, or what pernicious bits need to be removed?
| + | |
- | | + | |
- | == What do users assume? How do they behave? ==
| + | |
- | | + | |
- | == What do developers assume? How do they behave? ==
| + | |
- | | + | |
- | Does security depend on developers never copy-and-pasting the wrong, but intuitive bit of Javascript or HTML?
| + | |
- | | + | |
- | == Larger infrastructure ==
| + | |
- | | + | |
- | Mention Waterken.
| + | |
- | | + | |
- | If users give away powerful capabilities on purpose, then how are the following managed?
| + | |
- | * Friends' identities
| + | |
- | * Capabilities that have been handed out
| + | |
- | | + | |
- | == Code samples ==
| + | |
- | | + | |
- | Might want to put some advice about how to quote HTML and Javascript code here.
| + | |
Revision as of 17:19, 12 April 2009
Chip Morningstar started [this thread] on the cap-talk mailing list.
This article on the ERights wiki is...a nice clean whiteboard. You can help by scribbling all over it.