Groups
Conversations
All groups and messages
Send feedback to Google
Help
Training
Sign in
Groups
cap-talk
Conversations
About
Groups keyboard shortcuts have been updated
Dismiss
See shortcuts
cap-talk
Contact owners and managers
1–30 of 479
Mark all as read
Report group
0 selected
Alan Karp
,
John Kemp
4
Jun 13
Relevant to the recent thread
El 06/13/25 a las 16:08, Alan Karp escribió: > I read through your slides, and now I wish I could
unread,
Relevant to the recent thread
El 06/13/25 a las 16:08, Alan Karp escribió: > I read through your slides, and now I wish I could
Jun 13
Alan Karp
, …
John Carlson
41
Jun 13
Is this a confused deputy?
I agree with a lot of what you say, but not everything. The main difference is "confused deputy
unread,
Is this a confused deputy?
I agree with a lot of what you say, but not everything. The main difference is "confused deputy
Jun 13
Alan Karp
,
Mark S. Miller
2
May 17
Capabilities and prompt injection
On Fri, May 16, 2025 at 9:16 PM Alan Karp <alan...@gmail.com> wrote: I found the statement I
unread,
Capabilities and prompt injection
On Fri, May 16, 2025 at 9:16 PM Alan Karp <alan...@gmail.com> wrote: I found the statement I
May 17
Raoul Duke
Apr 28
et tu usb?
> Changes here have a negative impact on the user experience, which is why manufacturers are
unread,
et tu usb?
> Changes here have a negative impact on the user experience, which is why manufacturers are
Apr 28
F. Randall Farmer
, …
Mark S. Miller
5
Mar 7
DNS for ocapn.org expiring soon...
Still interested enough. I'll take it. Thanks! On Fri, Mar 7, 2025 at 12:10 PM F. Randall Farmer
unread,
DNS for ocapn.org expiring soon...
Still interested enough. I'll take it. Thanks! On Fri, Mar 7, 2025 at 12:10 PM F. Randall Farmer
Mar 7
John Carlson
, …
Alan Karp
23
Jan 22
Loops in revocable capability chains .
While we're on the (off) topic, the W3C community uses Jitsi for its meetings. --------------
unread,
Loops in revocable capability chains .
While we're on the (off) topic, the W3C community uses Jitsi for its meetings. --------------
Jan 22
John Carlson
Jan 21
Strawman: Multiparty encrypted content
Copyright 2024 John Carlson I don't remember if I sent this or not. There are corrections. Multi-
unread,
Strawman: Multiparty encrypted content
Copyright 2024 John Carlson I don't remember if I sent this or not. There are corrections. Multi-
Jan 21
Alan Karp
Jan 20
Delegation in SOLID
Solid is Tim Berners-Lee's new vision for the web. Access control uses ACLs. https://ceur-ws.org/
unread,
Delegation in SOLID
Solid is Tim Berners-Lee's new vision for the web. Access control uses ACLs. https://ceur-ws.org/
Jan 20
John Carlson
10/21/24
Desktop version works on Safari web
But it really is unfriendly.
unread,
Desktop version works on Safari web
But it really is unfriendly.
10/21/24
Mark S. Miller
,
John Carlson
3
10/21/24
I send this using the "+ New Conversation" button on the web ui.
Apparently the iPhone web UI experience is different, or I'm missing something obvious. I'll
unread,
I send this using the "+ New Conversation" button on the web ui.
Apparently the iPhone web UI experience is different, or I'm missing something obvious. I'll
10/21/24
Kevin Reid
, …
Mark S. Miller
3
10/20/24
Goblins CapTP
None of my experiments were from an iphone or from Safari. All were from Brave on my Mac laptop. On
unread,
Goblins CapTP
None of my experiments were from an iphone or from Safari. All were from Brave on my Mac laptop. On
10/20/24
Raoul Duke
10/14/24
Indirection kills security.
https://news.ycombinator.com/item?id=41818459 An empirical soap box conclusion is that indirection
unread,
Indirection kills security.
https://news.ycombinator.com/item?id=41818459 An empirical soap box conclusion is that indirection
10/14/24
Raoul Duke
, …
John Carlson
19
9/26/24
web cors alternative advocacy
Yes, at a fundamental level. But there should be a wide variety of ways to organize contact names,
unread,
web cors alternative advocacy
Yes, at a fundamental level. But there should be a wide variety of ways to organize contact names,
9/26/24
Alan Karp
9/14/24
A simple introduction to OAuth 2
https://stack-auth.com/blog/oauth-from-first-principles?utm_source=substack&utm_medium=email does
unread,
A simple introduction to OAuth 2
https://stack-auth.com/blog/oauth-from-first-principles?utm_source=substack&utm_medium=email does
9/14/24
Raoul Duke
7/7/24
usability lets us down
Re: Signal desktop app not encrypting encryption keys, if the host OS eg linux does not have solid ux
unread,
usability lets us down
Re: Signal desktop app not encrypting encryption keys, if the host OS eg linux does not have solid ux
7/7/24
Raoul Duke
6/26/24
better than oauth et. al.?
security is hard, so is usability. it would be interesting if there are things which are less bad
unread,
better than oauth et. al.?
security is hard, so is usability. it would be interesting if there are things which are less bad
6/26/24
Alan Karp
4/3/24
Certificate capability system when nodes can't sign
I've been lurking on the Distributed Web Node (DWN) working group meetings. A DWN is a set of
unread,
Certificate capability system when nodes can't sign
I've been lurking on the Distributed Web Node (DWN) working group meetings. A DWN is a set of
4/3/24
Mark S. Miller
3/14/24
Fwd: Opportunity in Usable Security: Applications wanted for the Norm Hardy Prize
---------- Forwarded message --------- From: Foresight Intelligent Cooperation Group <foresight-
unread,
Fwd: Opportunity in Usable Security: Applications wanted for the Norm Hardy Prize
---------- Forwarded message --------- From: Foresight Intelligent Cooperation Group <foresight-
3/14/24
Alan Karp
2/26/24
Expressing policies in capability systems
Rich Authorization Request extension to OAuth 2 is a way to express access policies in a capability
unread,
Expressing policies in capability systems
Rich Authorization Request extension to OAuth 2 is a way to express access policies in a capability
2/26/24
Pierre Thierry
, …
Alan Karp
5
2/15/24
The necessity for delegation
On Wed, Feb 14, 2024 at 9:03 PM Pierre Thierry <kep...@gmail.com> wrote: Le lundi 5 février
unread,
The necessity for delegation
On Wed, Feb 14, 2024 at 9:03 PM Pierre Thierry <kep...@gmail.com> wrote: Le lundi 5 février
2/15/24
Alan Karp
2/14/24
Fwd: HTTP Message Signatures is now RFC 9421
The key phrase is, "like Authorization Capabilities (ZCAPs), that make use of this specification
unread,
Fwd: HTTP Message Signatures is now RFC 9421
The key phrase is, "like Authorization Capabilities (ZCAPs), that make use of this specification
2/14/24
Alan Karp
2/6/24
Talk: Secure by Design
Do you think he'll mention capabilities? “Secure by Design: CISA's Plan to Foster Tech
unread,
Talk: Secure by Design
Do you think he'll mention capabilities? “Secure by Design: CISA's Plan to Foster Tech
2/6/24
Raoul Duke
2/6/24
on concurrency
hi, i think i like this paper. so far. concurrency feels like it comes up often enough in the cap-
unread,
on concurrency
hi, i think i like this paper. so far. concurrency feels like it comes up often enough in the cap-
2/6/24
Alan Karp
, …
Tony Arcieri
3
2/6/24
A project using Macaroons
On Sun, Feb 4, 2024 at 1:40 PM Baldur Jóhannsson <zaru...@gmail.com> wrote: Hmm... they
unread,
A project using Macaroons
On Sun, Feb 4, 2024 at 1:40 PM Baldur Jóhannsson <zaru...@gmail.com> wrote: Hmm... they
2/6/24
Alan Karp
,
David Nicol
2
1/13/24
Who came up with the term
of course not, unless you can demonstrate a policy-valid need to know. ha ha On Fri, Jan 12, 2024 at
unread,
Who came up with the term
of course not, unless you can demonstrate a policy-valid need to know. ha ha On Fri, Jan 12, 2024 at
1/13/24
Stewart Webb
12/17/23
OS caps x ocap languages masters thesis complete
Hi all, Some of you here may be interested in the Masters thesis I finally completed last year,
unread,
OS caps x ocap languages masters thesis complete
Hi all, Some of you here may be interested in the Masters thesis I finally completed last year,
12/17/23
Alan Karp
, …
Matt Rice
13
11/11/23
Sealer/unsealer with capability certificates
On Thu, Nov 9, 2023 at 9:41 AM Mark S. Miller <eri...@gmail.com> wrote: > > A comparison
unread,
Sealer/unsealer with capability certificates
On Thu, Nov 9, 2023 at 9:41 AM Mark S. Miller <eri...@gmail.com> wrote: > > A comparison
11/11/23
Alan Karp
11/10/23
Fwd: Alin Tomescu on Nov 16 -- UTT: Sensibly-Anonymous Decentralized Payments from Rerandomizable Signatures
Nothing about capabilities, but I believe some of you are interested in e-cash. The talks in this
unread,
Fwd: Alin Tomescu on Nov 16 -- UTT: Sensibly-Anonymous Decentralized Payments from Rerandomizable Signatures
Nothing about capabilities, but I believe some of you are interested in e-cash. The talks in this
11/10/23
Raoul Duke
10/24/23
rebooting might not be enough
> Rebooting was found to be ineffective to clear erroneous behavior, and only partially effective
unread,
rebooting might not be enough
> Rebooting was found to be ineffective to clear erroneous behavior, and only partially effective
10/24/23
Alan Karp
10/9/23
Things get complicated if you don't use capabilities
AWS has a confused deputy problem with its use of roles. This medium post describes how they propose
unread,
Things get complicated if you don't use capabilities
AWS has a confused deputy problem with its use of roles. This medium post describes how they propose
10/9/23