DanC_: capability-based approach to information sharing in web apps. [I think]
DanC_: found via a cap-talk thread
DanC_: folks working on web-id, please look at this stuff. web-id separates authentication from authorization, which leads to confused-deputy attacks.
DanC_: e.g. click-jacking. This capability stuff is, theoretically, necessary and sufficient to address the issue. The open research question is: can we/they make it usable?
DanC_: promoted to madmode post
