Posted on 28-02-2008
Core Patterns For Web Permissions
Filed Under (documentation) by Linux Poweruser Programmer

Core Patterns for Web Permissions
Google engEDU
56 min – Jul 19, 2006

Google TechTalks
July 19, 2006

Tyler Close

Visiting Scientist Hewlett-Packard Laboratories

Mr. Close is a researcher and developer, working in the field of secure, multi-user, distributed applications since 1998.

ABSTRACT
In Authorization Based Access Control (ABAC) systems built with object-capabilities, an access policy is expressed by the shape of a reference graph: what a user can do is determined by where they are in the reference graph and what other parts of the graph are reachable from that point. By applying some basic cryptography to create links that act as "webkeys", we can construct URL graphs that are compatible with today’s WWW infrastructure and additionally provide the properties of distributed capabilities. Webkeys enable users to achieve password-free fine-grain access control implicitly, simply by sending one another links to the pages they want to share. The webkey approach simultaneously provides developers with a powerful, and readily audited, access-control model.

In this talk, we’ll study the implementation of the CapWiki, which can serve as a private data space, a locally shared data space, a blog, and a wiki, simply by varying which links have been distributed to which people.
video
http://video.google.com/videoplay?docid=8799856896828158583

Sphere: Related Content

(0) Comments    Read More   
Post a Comment
Name:
Email:
Website:
Comments: