[p2p-hackers] Re: [rest-discuss] Re: RESTful authorization
Lucas Gonze
lgonze at panix.com
Mon Sep 26 22:46:41 UTC 2005
p2p-hackers, meet rest-discuss. rest-discuss, I'd like to introduce you
to p2p-hackers.

RESTafarians: there is a long-running conversation on p2p-hackers about
friendnets, also known as darknets, small world networks, and F2F
networks; also capabilities security, sometimes known as smart
contracts. An example thread begins at
http://zgp.org/pipermail/p2p-hackers/2005-August/002915.html

p2p-hackers: Tyler Close's method for HTTP access control using nothing
but unguessable (and secret) URIs came up on REST-discuss. That thread
begins at
http://groups.yahoo.com/group/rest-discuss/message/5228
In the context of friendnets, Tyler's scheme is a beautifully simple way of
controlling access using nothing but low-tech means. Not only does it
limit access to trusted parties, it also allows for transitive
relationships. (Warning: his scheme is counterintuitive, since the
dependence on secret URLs smells like security through obscurity).

I don't mean to create a permathread out of this cc:list, rather
to refer interested rest-discuss people to p2p-hackers and vice versa.
If you reply to this, please choose one list or the other as the
recipient.

I've always been surprised that the intersection of REST and
capabilities isn't a common theme, since both REST and capabilities
revolve around precisely defined relationships. The success of defining
HTTP methods in terms of privileges is due, I believe, to the way that
it reflects the same underlying truth that capabilities formalize.
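
Added illustration, not part of the original message and not Tyler Close's design or code: a generic sketch of access control by unguessable URIs, showing how a holder can pass on a narrower URL (the transitive relationship mentioned above) and how revoking a URL cuts off everything derived from it. The host name, class and method names, and the revocation behaviour are assumptions made for this example.

```python
import hashlib
import secrets
from urllib.parse import urlsplit

BASE = "https://example.org/cap/"  # hypothetical host, an assumption


def _key(url):
    """Hash the token in the last path segment; only the hash is stored."""
    token = urlsplit(url).path.rsplit("/", 1)[-1]
    return hashlib.sha256(token.encode()).hexdigest()


class CapabilityStore:
    def __init__(self):
        self._caps = {}  # sha256(token) -> (resource, methods, parent key)

    def mint(self, resource, methods, parent=None):
        url = BASE + secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._caps[_key(url)] = (resource, frozenset(methods), parent)
        return url

    def _resolve(self, key):
        entry = self._caps[key]          # KeyError: unknown or revoked
        if entry[2] is not None:
            self._resolve(entry[2])      # a revoked ancestor kills the chain
        return entry

    def delegate(self, cap_url, methods):
        """A holder derives a narrower URL to pass on to someone they trust."""
        resource, allowed, _ = self._resolve(_key(cap_url))
        return self.mint(resource, frozenset(methods) & allowed, _key(cap_url))

    def revoke(self, cap_url):
        self._caps.pop(_key(cap_url), None)

    def authorize(self, method, url):
        """Return the resource if this URL grants `method`, else None."""
        try:
            resource, allowed, _ = self._resolve(_key(url))
        except KeyError:
            return None
        return resource if method in allowed else None
```

The URL is the whole credential here, so it has to be carried over TLS and kept out of logs, Referer headers and shared browser history.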