Ka-Ping Yee wrote:
We should scrap all this and do something better.


I'm really glad to see that there's interest in a new and better
design.

Me too.

One thought I had the other week is to enable privileges implicitly
based on "latent trust": site has good CA-signed cert, you've connected
with SSL, you've got a password saved for this site, you are logged in.
Such a site could have some awesome powers, but not super-powers.


... but let's not do that.  Almost anything would be better than
ambient authority that floats around and becomes magically available
to anything that wants it, depending on arbitrary complex rules.

Well, since you put it that way, who could disagree?

I meant something more specific, which imputes powers above the default from existing trust assertions.

Let's talk about exactly what kind of powers these programs are going
to need and look at how these powers get transmitted from the user to
the program.

Agreed, I was just starting the ball rolling.  It was stuck ;-).

/be
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
