Core Patterns for Web Permissions

Google TechTalks
July 19, 2006

Tyler Close

Visiting Scientist Hewlett-Packard Laboratories

Mr. Close is a researcher and developer, working in the field of secure, multi-user, distributed applications since 1998.

ABSTRACT
In Authorization Based Access Control (ABAC) systems built with object-capabilities, an access policy is expressed by the shape of a reference graph: what a user can do is determined by where they are in the reference graph and what other parts of the graph are reachable from that point. By applying some basic cryptography to create links that act as “webkeys”, we can construct URL graphs that are compatible with today’s WWW infrastructure and additionally provide the…