[p2p-hackers] Re: [rest-discuss] Re: RESTful authorization

Justin Chapweske justin at chapweske.com
Tue Sep 27 13:25:21 UTC 2005


Based on your description, such a system wouldn't work very well due
to leaks from referrers, logging, and other systems that don't mind
communicating about visited URLs.

It's for this same reason that people should be careful with private
wikis linking to external sites.  For instance, if I have a private wiki
page called 'SwarmingPagerankPatent' for some fictitious new innovation
that we've brewed up, and I were to click on an external URL link from
that page, that information would now be available in someone's referrer
logs.

So, if you guys know any wiki authors, encourage them to automatically
insert a referrer scrubber/redirect page when following any external
URLs.

-Justin

--
Justin Chapweske, Founder and CEO - Swarmcast
http://onionnetworks.com/

On Mon, 2005-09-26 at 12:46 -1000, Lucas Gonze wrote:
> p2p-hackers, meet rest-discuss.  rest-discuss, I'd like to introduce you 
> to p2p-hackers.
> 
> RESTafarians: there is a long-running conversation on p2p-hackers about 
> friendnets, also known as darknets, small world networks, and F2F 
> networks; also capabilities security, sometimes known as smart 
> contracts.  An example thread begins at 
> http://zgp.org/pipermail/p2p-hackers/2005-August/002915.html 
> 
> p2p-hackers: Tyler Close' method for HTTP access control using nothing 
> but unguessable (and secret) URIs came up on REST-discuss.  That thread 
> begins at http://groups.yahoo.com/group/rest-discuss/message/5228  In 
> the context of friendnets, Tyler's scheme is a beautifully simple way of 
> controlling access using nothing but low-tech means.  Not only does it 
> limit access to trusted parties, it also allows for transitive 
> relationships.  (Warning: his scheme is counterintuitive, since the 
> dependence on secret URLs smells like security through obscurity).
> 
> I don't mean to create a permathread out of this cc:list, rather 
> to refer interested rest-discuss people to p2p-hackers and vice versa.  
> If you reply to this, please choose one list or the other as the 
> recipient. 
> 
> I've always been surprised that the intersection of REST and 
> capabilities isn't a common theme, since both REST and capabilities 
> revolve around precisely defined relationships.  The success of defining 
> HTTP methods in terms of privileges is due, I believe, to the way that 
> it reflects the same underlying truth that capabilities formalize.
> 

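A sketch of the automatic link rewriting suggested in the message above, as an added example that is not part of the original post or of any wiki's code: it routes every external link on a rendered wiki page through a scrubber page and marks it `rel="noreferrer"`. The wiki host, the `/redirect?to=` endpoint and the sample page are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import quote, urljoin, urlsplit

WIKI_HOST = "wiki.example.internal"  # assumed host of the private wiki
SCRUBBER = "/redirect?to="           # hypothetical scrubber/redirect page
# Constructed sample: private page with one external and one internal link.
PAGE_URL = "https://wiki.example.internal/SwarmingPagerankPatent"
SAMPLE = ('<p>See <a href="http://example.com/prior-art">prior art</a> and '
          '<a href="/FrontPage">home</a>.</p>')


def is_external(href, page_url):
    """True when href resolves to an http(s) host other than the wiki."""
    target = urlsplit(urljoin(page_url, href))
    return target.scheme in ("http", "https") and target.hostname != WIKI_HOST


class LinkScrubber(HTMLParser):
    """Re-emit a rendered wiki fragment (assumed free of script/style)."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.out = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        href = attrs.get("href")
        if tag == "a" and href and is_external(href, self.page_url):
            # Point at the scrubber page and ask the browser to omit Referer.
            absolute = urljoin(self.page_url, href)
            attrs["href"] = SCRUBBER + quote(absolute, safe="")
            attrs["rel"] = "noreferrer"
        rendered = "".join(
            f" {k}" if v is None else f' {k}="{escape(v)}"'
            for k, v in attrs.items())
        self.out.append(f"<{tag}{rendered}>")

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))


def scrub_external_links(fragment, page_url):
    parser = LinkScrubber(page_url)
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)
```

Calling `scrub_external_links(SAMPLE, PAGE_URL)` rewrites only the example.com link; the internal `/FrontPage` link is left as it was.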


