Transcript web-key: Mashing with Permission

web-key: Mashing with
Permission
Highlights and examples from the paper,
and an open discussion
http://waterken.sf.net/web-key/
Security vs. the Web
• Casualties of the username/password:
– Global identification
• Sharing a resource by passing a URL
– Orthogonality
• Hypertext can refer to a resource by URL only
– Global scope
• A URL means the same thing everywhere
• Got us the Same Origin Policy
Security vs. the Web
• … and often doesn’t actually result in the
security we wanted
– Loss of global identification
• User revolt to “something you know”
– Loss of orthogonality
• Pervasive prompting => phishing
– Loss of global scope
• XSRF: this global identifier means something
different when you use it
– My Access Control List doesn’t control access?
The Web with security
• What security properties can we add to the
Web without breaking it and would they be
useful in real applications?
– A URL is a lot like a reference.
– Capability-security gets its security from
enforcing the properties of references.
– Check the protocols and clients to see if it’s a
good fit.
The Web as capability system
• Referer header almost makes the Web a
dynamically scoped language
• Some referential integrity from HTTPS
• Windowing API in the browser is hysterical
– Survivable, but does require some care
• Address bar shows reference bits
– Can mitigate or ignore if no one’s looking
https://yurl.net/-/#kzqxsxbub4742a
•
•
•
•
•
•
Global Id, Orthogonality, Global Scope
Global id = Just click
Orthogonality = No prompting
Global scope = no XSRF
Global scope = no need for Same Origin
Global id = fine grained access for mashup