Delegation in SOLID

Alan Karp

Jan 20, 2025, 1:30:16 PM
to cap-...@googlegroups.com, <friam@googlegroups.com>
Solid is Tim Berners-Lee's new vision for the web.  Access control uses ACLs.

https://ceur-ws.org/Vol-3705/paper02.pdf is a paper describing how delegation works.  The key point is that Alice constructs a request (2) that gets signed by the organization (6).  Security depends on correctly enforcing the policy (4).  The paper provides a formal proof of the validity of their approach.  

It seems to me that a complex enough policy might be provably correct but still vulnerable to a confused deputy attack due to unexpected combinations of the rules.


[Attachment: image.png]

--------------
Alan Karp