Monday, April 28, 2008

Confused Deputy

Doc Searls has noticed the failure of WordPress to protect against the Confused Deputy problem.

Until we get a solution in place, the Internet is no longer subject to Metcalfe's law.

The lost value is staggering; it's probably up there on the scale of the social surplus recently noticed by Clay Shirky. It's definitely larger than the 10.5 billion that we're spending annually just to bail out the water and keep the boat afloat.

We need open source projects that bring capabilities into the mainstream. I'm open for suggestions as to where to start.

Dean Landolt said...

So how would you suggest scaling capabilities to the internet? Everything I've always read about capability-based security alludes to persisting and passing file handles, but what does this look like on the web?

Of course, more ACLs only lead to more confused deputies, but how do you actually pass capabilities? The closest I can think of is OAuth, but frankly, I don't quite understand...

Can you elaborate a little further on what you're envisioning?
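The comment above asks what passing a capability looks like on the web. As an added illustration that is not from the post or its comments (the user names, session table and post store are constructed), the two handlers below contrast an ACL-style deputy, whose authority is the ambient session cookie the browser attaches to any request, with one that only acts when the request itself carries an unguessable, single-use token that both names the post and conveys the right to delete it.

```python
import secrets

SESSIONS = {"cookie-alice": "alice"}  # constructed: session cookie -> user

def fresh_posts():
    return {"p1": "alice", "p2": "bob"}  # constructed: post id -> owner

def delete_with_ambient_authority(req, posts):
    """ACL-style deputy. Authority is ambient (the cookie the browser attaches);
    the target comes from a request parameter. The server cannot tell whether
    Alice or a page she merely visited composed the request, so it acts for
    whoever chose the parameter: the confused deputy."""
    user = SESSIONS.get(req.get("cookie"))
    post = req["params"].get("post")
    if user is None or posts.get(post) != user:
        return "denied"
    del posts[post]
    return "deleted"

class DeleteCapabilities:
    """Capability-style deputy. An unguessable token both designates one post
    and conveys the right to delete it; the request must carry the token, so a
    page that was never handed it cannot exercise the authority."""

    def __init__(self):
        self._caps = {}  # token -> the post it designates

    def grant(self, post):
        token = secrets.token_urlsafe(32)
        self._caps[token] = post
        return token

    def delete(self, req, posts):
        post = self._caps.pop(req["params"].get("cap"), None)  # single use
        if post is None or post not in posts:
            return "denied"
        del posts[post]
        return "deleted"

def demo():
    forged = {"cookie": "cookie-alice", "params": {"post": "p1"}}
    ambient_posts, cap_posts = fresh_posts(), fresh_posts()
    r1 = delete_with_ambient_authority(forged, ambient_posts)  # deputy confused
    caps = DeleteCapabilities()
    token = caps.grant("p1")                                  # given only to Alice
    r2 = caps.delete(forged, cap_posts)                       # no token: denied
    r3 = caps.delete({"params": {"cap": token}}, cap_posts)   # Alice presents it
    r4 = caps.delete({"params": {"cap": token}}, cap_posts)   # spent: denied
    return r1, r2, r3, r4, sorted(ambient_posts), sorted(cap_posts)
```

The same forged request succeeds against the cookie-based handler and fails against the capability handler, because the forging page never held the token; the token also designates exactly one post, so it cannot be redirected at another.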