Google Tech Talks: Core Patterns for Web Permissions
In Authorization Based Access Control (ABAC) systems built with object-capabilities, an access policy is expressed by the shape of a reference graph: what a user can do is determined by where they are in the reference graph and what other parts of the graph are reachable from that point. By applying some basic cryptography to create links that act as "webkeys", we can construct URL graphs that are compatible with today's WWW infrastructure and additionally provide the properties of distributed capabilities. Webkeys enable users to achieve password-free fine-grain access control implicitly, simply by sending one another links to the pages they want to share. The webkey approach simultaneously provides developers with a powerful, and readily audited, access-control model. In this talk, we'll study the implementation of the CapWiki, which can serve as a private data space, a locally shared data space, a blog, and a wiki, simply by varying which links have been distributed to which people.
Google TechTalks July 19, 2006 Tyler Close
Visiting Scientist Hewlett-Packard Laboratories Mr. Close is a researcher and developer, working in the field of secure, multi-user, distributed applications since 1998.