> We should scrap all this and do something better.

I'm really glad to see that there's interest in a new and better design.

> One thought I had the other week is to enable privileges implicitly
> based on "latent trust": site has good CA-signed cert, you've connected
> with SSL, you've got a password saved for this site, you are logged in.
> Such a site could have some awesome powers, but not super-powers.

... but let's not do that. Almost anything would be better than ambient authority that floats around and becomes magically available to anything that wants it, depending on arbitrary complex rules.

Let's talk about exactly what kind of powers these programs are going to need and look at how these powers get transmitted from the user to the program.

-- ?!ng

_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security