Webkeys vs the web
"No! That isn't what I meant!"
Use- and Abuse-Cases
For each: how does it come up? How to enable or prevent?
* [Clickjacking] * Meant to show friend how to withdraw from her bank account. * Get a powerful key, accidentally email to the wrong person. * Process of purposely giving away a powerful key? * Process of receiving a powerful key * What's the equivalent of the file-open dialog box?
Browser properties needed
Are current browsers' basic abilities sufficient? Maybe with existing plugins? If not, what bits of software have to be there, or what pernicious bits need to be removed?
What do users assume? How do they behave?
What do developers assume? How do they behave?
If users give away powerful capabilities on purpose, then how are the following managed?
* Friends' identities * Capabilities that have been handed out