On Friday, February 24, 2012 1:40:54 AM UTC+1, deitch wrote: > > It seems like that is the only thing. Essentially, these are two > completely different philosophies: > > 1- Authorization: each of us has a unique key to authenticate, and > authorization is controlled server-side. For Adam to give Eve access to > something, John must do so on the server, and all he tells Eve is "go > ahead, you can do it now." > 2- Capabilities: a unique key gives privilege rights for an action, and > identifies the right to do that action, rather than the actor. You can > share capabilities server-less. > > The problems I have with scenario 2 are: > a- auditing (this is security, right?) is impossible. If Adam shares a key > with Emily, we no longer know if it is Adam or Emily. > When you issue a login/password pair for your user, how can you be sure that the person who connected is the one who you shared the login/password with? You can't. Hence the problem when a server gets hacked and login/password pairs are revealed. Hence the problem that can come with teenagers sharing their credentials http://www.nytimes.com/2012/01/18/us/teenagers-sharing-passwords-as-show-of-affection.html?_r=1 With regard to sharing, capabilities are as vulnerable as any form of authentication to sharing. People sharing their login/password is a reality and has never prevented an audit. It's just something to be aware of when auditing.
On the positive side, with capabilities, it is possible to share with finer granulairty than access to your entire account. > b- behaviour is looser. Adam and Eve now share keys regularly, and may > even share them outside > They share on the basis that they trust one another. There is no problem from a security standpoint. If the security of your system relies on people not sharing anything ever, your system is already compromised. I get the "no need to change anything on the server part," but IMHO the > security issues outweigh. Now, if you combined them, that might be > interesting from a security perspective, but that begins to sound a lot > like Kerberos. > -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en
