Webkeys vs the web
Chip Morningstar started [this thread] on the cap-talk mailing list.
"No! That isn't what I meant!"
Use- and Abuse-Cases
For each: how does it come up? How to enable or prevent?
* [Clickjacking] * Process of purposely giving away a powerful key? * Get a powerful key, accidentally email to the wrong person. * Process of receiving a powerful key * What's the equivalent of the file-open dialog box?
Browser properties needed
Are current browsers' basic abilities sufficient? Maybe with existing plugins? If not, what bits of software have to be there, or what pernicious bits need to be removed?
What do users assume? How do they behave?
What do developers assume? How do they behave?
If users give away powerful capabilities on purpose, then how are the following managed?
* Friends' identities * Capabilities that have been handed out